Information Security Governance Analyst
Role details
Job location
Tech stack
Job description
Serve as an Information Security Professional as an Information Security Governance Analyst, protecting TechnipFMC information security throughout the system lifecycle. The Information Security Governance Analyst supports the IT compliance program within the Information Security organization. This support includes but is not limited to Sarbanes Oxley (SOX), SOC 2, ISO 27001, ISO 42001, NIST, questionnaires, audits and assessments from 3rd parties, clients and partners assessing the TechnipFMC's regulatory compliance status. Job Description
-
Audit & Assessment Support
-
Supports internal/external audits and controls testing.
-
Triages, assigns, and tracks requests for information.
-
Gathers, evaluates, and uploads evidence; resolves gaps with SMEs.
-
Perform quality checks on audit evidence before submission.
-
Manages audit schedules and status trackers.
-
Monitors control testing progress and track failed tests.
-
Assists with customer assessments and questionnaires.
-
Maintains Audit Findings List and Corrective Action Log
-
Reports audit findings and evidence status to GRC management.
-
Governing Document Management
-
Maintains and updates document status trackers.
-
Monitors and reports document status to stakeholders.
-
Supports document maintenance and updates as needed.
-
Program Improvement & Reporting
-
Identifies compliance program gaps and recommends improvements.
-
Maintains GRC metrics, KPIs, and the Risk and Controls Matrix (RCM).
-
Inputs data into the GRC module and publishes GRC-related content
-
Prepares materials for Management Reviews, Compliance Committees and other meetings.
-
Keeps up-to-date compliance dashboards., Requirements Management and Analysis Governance and Security Administration Lean Evidence Handling Regulatory Compliance Interpreting Requirements Project Risk and Issues Management Work Prioritization What we offer
-
My Wealth and Protection: Critical Illness Cover, Income Protection, Life Assurance, Will Writing, Workplace ISA, Group Personal Pension Plan - employer contributions up to 10%.
-
My Health and Wellbeing: Private Medical Insurance, Employee Assistance Programme, Dental Insurance, Health Assessments & Personal Accident Insurance.
-
My Lifestyle: Electric Vehicle Scheme, Cyle2Work, Employee Tech Scheme, Give as You Earn, GymFlex, Holiday Trading, Personal Travel Insurance, Perks at Work.
-
My Workplace: Subsidised Cafe, Branded workwear, Hybrid Working, Flexible Working Arrangements, Enhanced Maternity and Parental leave, Talent/Management and Leadership programmes, Various inhouse training opportunities for your personal development.
Requirements
- Bachelor's degree in computer science or related discipline considered as a plus
- Certifications: CISA, Security+, Network+, Azure AZ-900, AZ-500, AWS certification, CEH, etc.
Work Experience:
- Experience in supporting or auditing IT and Information Security compliance programs.
- Strong understanding of compliance regulations (e.g., Sarbanes Oxley 404, PCAOB, PCI, GDPR) and security standards (e.g., ISO 27001, NIST CSF).
- Familiar with IT governance and quality frameworks such as ISO, COBIT, and ITIL.
- Skilled in compliance metrics tracking.
- Proven ability to work effectively in global, matrixed environments.
- Excellent interpersonal, organizational, and communication skills.
- Strong analytical, problem-solving, and critical thinking capabilities.
- Comfortable collaborating across enterprise-scale organizations and building effective working relationships.
- Advanced oral and written communication skills in English., Verbal Communication Coaching Stakeholder Management Technical Writing Systems Thinking Compliance Support Risk Assessment Written Communication Incident Management Process Improvement Budgeting Demand Intake Project/Program Management Business Continuity and Disaster Recovery Planning Develop Governance Principles
