Cybersecurity Grc Analyst Ii

Avnet Business Services GmbH

Avnet Business Services GmbH is the service provider of the Avnet Group in EMEA, founded in 2020. With its brands EBV Elektronik, Avnet Silica, Avnet Abacus, Avnet Embedded and Farnell, Avnet is one of the world's most successful distributors of semiconductor products and related services. Avnet is also an S&P 500 listed group. Employees in 70 countries set new standards every day in terms of innovation and quality, for which Avnet has been known in the market for 100 years.

Job Summary:
As a Cybersecurity Governance Risk and Compliance (GRC) Analyst II, you will be responsible for identifying and managing risks associated with Avnet's information systems, data, and infrastructure. Also, you will help to ensure the organization's cybersecurity measures align with industry best practices and Avnet's risk appetite.
- Other duties will include the development and evaluation cybersecurity controls, as well as creation and maintenance of relevant cybersecurity policies, procedures, standards, and guidelines that meet regulatory requirements and industry best practices. You will also perform gap analyses to identify areas for improvement in the organization's cybersecurity posture and work collaboratively with other departments to ensure cybersecurity risks are being managed effectively. You will conduct compliance assessments and assist with developing cybersecurity awareness training programs to promote a culture of cybersecurity across the organization. Additionally, you will help identify potential threats, vulnerabilities, and associated impacts to Avnet's information systems, data, and infrastructure.

What you will be doing:

- Provide technical guidance and consultation related to cybersecurity controls to include operational and Sarbanes Oxley (SOX).
- Develop, maintain, and publish cybersecurity policies, standards, and control documentation.
- Perform contract reviews and provides answers to customer questionnaires
- Facilitate discussions between compliance auditors and Information Technology staff to resolve issues while minimizing the risk exposure to Avnet.
- Develop cybersecurity training and awareness materials for a global audience of Avnet employees to influence user behavior and mitigate risk.
- Other duties as assigned.

Your profile:

- Typically 3+ years with bachelor's or equivalent.
- Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.
- You are passionate about learning and are familiar with IT control frameworks, cybersecurity risk management, and regulatory compliance requirements.
- You have excellent communication skills and are able to work effectively with both technical and non-technical stakeholders to drive cybersecurity initiatives.
- Strong analytical skills, including the ability to review processes and controls, identify weak points and advise all levels of management on remediation actions
- Ability to quick adjust to new priorities and address items as they are identified
- Strong written and verbal communication skills to include a very high level of proficiency in Microsoft Word, PowerPoint and Excel, accompanied with talent to simplify and explain technical concepts to a no-technical business audience.
- Experience in designing controls and working with internal and external auditors is a plus
- Experience with cybersecurity frameworks such as NIST CSF, NIST 800-53, NIST 800-171, CMMC, ISO 27001 and PCI is a plus
- CISSP, CISA, CISM, PCI ISA certification is a plus
- Business fluent English
- German language is a plus

What's in it for you:

- Hybrid working model.
- A supportive multicultural team environment where everyone is working toward the same goal.
- A strong open-door policy.
- An environment where you will have the tools and opportunities to further your career
- Paid holiday, plus bank holidays.
- Work equipment.
- And more.

LI-EMEA

LI-AVNET

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills.

, Asia applicants

, EMEA applicants

- Job Applicant EMEA Imprints