About Us
Clayco is a full-service, turnkey real estate development, master planning, architecture, engineering, and construction firm that safely delivers clients across North America the highest quality solutions on time, on budget, and above and beyond expectations. With $5.8 billion in revenue for 2023, Clayco specializes in the "art and science of building," providing fast track, efficient solutions for industrial, commercial, institutional, and residential related building projects.
The Role We Want You For
Under the direction of and in collaboration with the GRC Manager, the Sr. GRC Analyst is a Risk-focused, highly analytical role that ensures all material Risk to Clayco Information Assets is identified, quantified, documented, and treated to an acceptable level across the Clayco organization. This role will involve rigorous discovery and research to determine the full context and scope of exposure to Risk associated with potential for compromise due to a Control gap or exploitable misconfiguration as well as non-compliance with legal and regulatory requirements.
This role will execute and improve current processes for objectively evaluating identified risks, control gaps, and non-compliance with regulations, policies, and standards. This role will ensure the appropriate capture, analysis, recommended treatment, assignment, and tracking of identified issues. This role will also own and maintain the Enterprise Risk Register as a point of documentation, Risk rating, tracking, and reporting to ensure that ALL Risk is well understood, quantified, prioritized, and communicated for timely treatment relative to severity.
This role will also assume ownership of the Third-Party Risk Management (TPRM) process to gather details on the security practices and compliance levels for each third-party being considered or contracted for a product or services. Additional contribution will be expected for internal assessments and 3rd Party audits to gather and submit discovery and transactional responses and artifacts.
Additional responsibilities will be assigned as deemed necessary. Any travel is usually planned, but issues may arise which warrant immediate travel to one or more satellite locations.
The Specifics of the Role
- Assumes operational ownership of Vendor Risk Questionnaire and its assignment to new and existing Vendors, coordination of collecting Vendor responses, collaborating the assessment of potential Risk based on Vendor responses, collaborating on documentation and communication of relevant findings and recommendation to stakeholders.
- Administers the Risk Register to document, quantify, and rate Risk with analysis tools, develop treatment recommendations in collaboration with InfoSec team, assign Remediation Tasks to appropriate group/individual, track progress of remediation completion, and apply Risk analysis tools to ensure Residual Risk is at an acceptable level.
- Interface with assessment and analysis tools to identify potential Risk areas to facilitate a timely and appropriate response to include recommending compensating control(s), process/procedure modifications, awareness training content modification, policy revisions, etc.
- Understands asset criticality as a primary component to the Risk calculation for identified system software, their versions, and any misconfiguration.
- Tracks, monitors, and reports on execution of remediation action plans and escalates inadequate responses or progress
- Conduct risk assessments of IT Systems & Applications to identify gaps in Clayco’s security posture.
- Collaborates cross-functionally with other Information Technology teams and Business Stakeholders across the Organization
- Provides leadership with comprehensive reports of Risk-focused activities and outcomes, as requested.
Requirements
- 5-7+ years’ experience in Risk & Compliance Assessment, Audit & Reporting, or similar functions, preferably within the Information Security or Technology fields
- 3-4+ years working specifically in Information Security roles involving Risk Analysis, Information System Security Assessment, Compliance Audit with Regulations, Frameworks, & Standards
- Bachelor's degree in Information Technology or related field, or equivalent experience
- Required Certifications: Certified in Risk & Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), or Certified Information Systems Security Professional (CISSP) (Current status, or obtained within 9 months of assuming role)
- Strong experience leveraging auditing principles and methods to evaluate policies, processes, systems, and vendors to identify business risks and control gaps
- Experience in administering Risk management programs for technology and information security
- Strong, technical knowledge of modern Systems, Services, Cloud Applications/Platforms, Identity Services, and Data Storage/Handling and their areas of Risk and Threat exposure
- Experience with administering, maintaining, and leveraging a Risk Register to track and communicate identified Risk and its required remediation
- Knowledge of statistics, reporting and analytical tools to analyze and solve complex problems
- Proficiency in necessary productivity tools (i.e. Microsoft Excel, PowerPoint, Word etc.) for analytics and presentations
- Operate with strong integrity with ability to handle projects of a sensitive & confidential nature
- Excellent written and verbal communication skills with a proven ability to translate technical or abstract concepts into a narrative that is easily understood by clients.
Some Things You Should Know
- No other builder can offer the collaborative design-build approach that Clayco does.
- We work on creative, complex, award-winning, high-profile jobs.
- The pace is fast!
Why Clayco?
- Best Places to Work – St. Louis Business Journal, Los Angeles Business Journal, Phoenix Business Journal.
- ENR – Top Midwest Contractors (#1), Top Design Build Contractors (#4), Top 400 Contractors (#23), ENR – Top Green Builders (#5).
Compensation and Benefits
- Competitive Annual Salary: Based on qualifications, skills, training, experience, and location.
- Discretionary Annual Bonus: Subject to company performance and individual contribution.
- Comprehensive Benefits Package Including: Medical, dental and vision plans, 401k, generous PTO and paid company holidays, employee assistance program, flexible spending accounts, life insurance, disability coverage, learning & development programs and more!