Date Posted: July 6, 2019
Job ID: 153366
Oldcastle APG, a CRH company, is a leading supplier of products for North America’s building and landscaping markets. Its products include concrete masonry and hardscapes, packaged cement mixes, packaged lawn and garden products and composite decking products that are sold through a variety of channels. Oldcastle APG is the innovator behind many of the industry’s well-known brands including Belgard Hardscapes, Echelon masonry products, Sakrete bagged dry-mixes, Anchor Wall Systems, MoistureShield composite decking, among others. With over 195 operating locations and 6,500 employees, Oldcastle APG operates across 36 states and 5 Canadian provinces. Oldcastle APG is a U.S. subsidiary of CRH plc., a leading global diversified building materials group.
The Information Security Compliance Analyst runs internal and external IT compliance audits and IT electronic records management. This role will assist with supporting risk remediation efforts and establishing robust processes to support an efficient and effective audit process. This role will ensure that all requirements (e.g. Sarbanes-Oxley, Payment Card Industry Data Security Standards, Policies, etc.) are being followed. This role will document and perform routine control tests and provide recommendations on how to improve processes to comply with requirements. This role will establish and maintain a records life cycle to ensure that all records are appropriately managed in accordance with company policy (e.g. creation, modification, movement, and destruction). This role will work closely with management, legal, team members and other Product Groups throughout Oldcastle, as needed.
Duties and Responsibilities
- Works closely with control owners to ensure controls are executed correctly.
- Maintains and enhances documents, procedures, processes to support an efficient compliance program.
- Performs security compliance assessments on controls, processes and reports on findings.
- Develops strong recommendations for corrective actions to reduce risk and to ensure compliance.
- Ensures the accurate compilation of evidence in preparation for any audit or compliance check.
- Leads requirements gathering process as part of an audit request or incident investigation.
- Tracks and monitors all risk related findings via a database.
- Ensures all noncompliant findings are remediated in a timely manner to reduce risks.
- Identifies key controls applicable to the business and ensures these controls are achievable in order to attain 100% compliance.
- Supports and participates where necessary to enhance Risk Management program.
- Establishes and maintains electronic records lifecycle.
- Performs other duties as assigned by the Director of Information Security.
Required Knowledge, Skills, Abilities and Experience
- Minimum of 5 years working as an IT Security Compliance Analyst, Auditor, Enterprise Risk Analyst or similar role.
- Strong knowledge in performing technology risk assessments, IT audits and compliance (e.g. SOX) assessments.
- Demonstrated knowledge in verifying systems, applications and business processes are secure.
- Expert-level knowledge of developing project plans, work programs, evaluating controls, documenting results, making recommendations and communicating information to all levels of management.
- Ability to manage multiple projects, meet deadlines while ensuring quality and performance.
- Preferred experience assessing Enterprise Resources Planning software (e.g. Infor/M3, Lawson, SAP, Oracle, etc.).
- Preferred experience assessing Microsoft technologies (e.g. Active Directory, SQL database, Windows servers, etc.).
- Preferred experience assessing IBM technologies (e.g. AS400 iSeries Systems, etc.).
- Knowledgeable about network security controls and how to identify gaps as it relates to compliance requirements.
- Familiar with industry best practices and frameworks (e.g. COBIT, ISO 27001, NIST, etc.).
- Familiar with Identity & Access Management principles.
- Strong knowledge of Microsoft Office suite (e.g. Office, Excel, PowerPoint, Project, Visio, SharePoint, etc.)
- Knowledgeable about IT Processes (e.g. Change Management, Software Development phases, Business process, Business Continuity, Disaster Recovery, etc.).
- Familiar with Audit and Security tools to assist with gathering evidence.
- Possesses excellent analytic skills and is a problem solver.
- Strong written, oral, and interpersonal skills.
- Ability to work independently with minimal supervision is required.
- Willingness to travel up to 20% within North America.
Required Training and Education
- Bachelor’s degree from a nationally accredited University/College in Information Security, Risk Management, Accounting, Information Systems, Business or a related discipline or equivalent work experience.
- At least one professional certification, such as CRISC, CISA, CIA, CISSP or ICRM, is required.
Desired Training and Education
- Master's degree or Risk/Audit related certifications such as CRISC, CISA, or CISSP.
- Centrally located in Dunwoody, GA.
- Office offers excellent amenities, such as a café, free parking and spacious work areas.
What CRH Americas Offers You
- Highly competitive base pay
- Comprehensive medical, dental and disability benefits programs
- Group retirement savings program
- Health and wellness programs
- A culture that values opportunity for growth, development, and internal promotion
About CRH Americas
CRH Americas has a long and proud heritage as one of North America’s largest corporations. We are a proud reflection of the hundreds of family businesses, local and regional companies and mid to large sized enterprises that together form the CRH Americas family. CRH Americas operates with a decentralized, diversified structure, letting you work in a small company environment while having the career opportunities of a large enterprise.
Oldcastle Architectural, a CRH company, is a great place to grow! If you’re up for a rewarding challenge, we invite you to take the first step and apply today! Please complete your online application and profile which will be sent directly to the appropriate Hiring Manager. Thank you for your interest in the CRH family!
CRH Americas is an Affirmative Action and Equal Opportunity Employer.
EOE/Vet/Disability