Provide leadership with continuous assessment and analysis of trends relating to risk, internal and external threats, control gaps, and unauthorized exposure of company assets.
Meet with stakeholders to inform them of issues, assess appropriate mitigation and/or remediation activities, and track the agreed-upon progress of those activities
Monitor industry regulatory environment, and closely related or connected industries, for changes and impacts that may affect H&P’s IT, Cybersecurity, and Data Governance efforts.
Assess the associated risks for the organization and provide timely recommendations and reporting
Provide direct support, as required, for IT and Cybersecurity related compliance efforts, to ensure a culture of continuous improvement and the ability to meet H&P’s compliance requirements
Perform third-party risk assessments of our partners, vendors, and contractors
Work directly with Cybersecurity management in the development, tracking and reporting of Cybersecurity metrics and KPIs for IT Risk operational concerns, operational and risk tracking for management, and risk trending for Executive Leadership
Work with management to develop and maintain policies to define governance for both information technology (IT) and operational technology (OT) assets.
Assist in the development, maintenance, and oversight of Cybersecurity related policies, procedures, standards, and associated documentation.
Requirements
Minimum of 3+ years of experience in auditing, risk management, oversight and reporting, or related activities.
Bachelor’s Degree in Computer Science, MIS, Cybersecurity or Information Assurance or equivalent
Experience and knowledge of common regulatory and risk related frameworks such as NIST CSF, NIST SP 800-171, NIST SP 800-39, ISO 27001/2, SOX, COBIT, ITIL, CIS, IEC 62443, etc.
Experience performing or directly supporting risk assessments (internal and external), threat and vulnerability assessments, and related activities
Working knowledge of operating systems (Windows, Linux, OSX, etc.), business applications, logging, virtualization technologies, and related server, networking, and workstation protocols and security issues
Proven ability to gather and analyze IT Risk data and provide guidance in acceptable remediation activities
Experience working within teams and with external (corporate and third-party) groups, preferably within an IT operations environment
Highly motivated, self-starting individual with ability to multi-task and manage to timelines with limited supervision in a fast-paced and agile environment
Proven strong oral and written communication / presentation skills to a broad range of employees.
Ability to clearly communicate and articulate technical details to IT and Engineering personnel, but also simplify explanations for non-technical individuals and executives.