Cyber Risk & Governance Analyst - Atlanta, GA

Job ID: 508087

CRH is a leading global diversified building materials group, employing over 75,800 people at more than 3,160 locations in 29 countries. CRH is the leading building materials company in North America and the world. We manufacture and distribute a diverse range of superior building materials, products, and solutions, which are used extensively in construction projects of all sizes.

Job Summary

• Support the adoption and effective implementation of NIST CSF 2.0 self assessments across multiple Operating Companies (OpCos).
• Provide expert guidance, support and oversight to ensure cybersecurity maturity and compliance, with a focus on risk advisory and risk management.
• This role aims to embed cybersecurity best practices while fostering a collaborative and supportive approach to risk management.

• Lead and support OpCos in conducting NIST CSF 2.0 self-assessments, ensuring accurate evaluations of cybersecurity controls.
• Deliver actionable advisory services to improve OpCo risk management practices and enhance overall cybersecurity maturity.
• Act as the primary point of contact for NIST CSF 2.0 guidance, offering practical solutions to identify risks and gaps.
• Review and assess NIST self-assessment findings to produce detailed reports with clear recommendations for risk mitigation.
• Work collaboratively with OpCo stakeholders to design and implement remediation plans addressing cybersecurity gaps.
• Develop and maintain a knowledge-sharing network to promote best practices across the organization.
• Monitor emerging cybersecurity threats and regulatory developments, integrating them into the advisory process.
• Contribute to the development and enhancement of governance frameworks, policies, and processes.

• Team player with strong interpersonal skills.
• People-focused approach to solving issues.
• Engaging with strong interpersonal skills.
• Strong knowledge of NIST CSF 2.0 and other cybersecurity frameworks (e.g., ISO 27001, COBIT).
• Proven ability to perform risk assessments and provide advisory services.
• Excellent communication skills to effectively interact with technical and non-technical stakeholders.
• Ability to identify opportunities for improvement and implement practical solutions to cybersecurity challenges.
• Demonstrable experience (3-5 years) in IT risk management, cybersecurity governance, or audit roles.
• Relevant third-level qualification, preferably in Information Technology, Information Security, or related fields.
• Certifications such as CISA, CISSP, or CRISC are desirable.
• Experience working with diverse, multi-regional teams.
• Ability to build trust and foster collaboration across diverse teams and stakeholders.
• Problem-solving mindset with a focus on process improvement
• Proactive, self-motivated, and capable of working independently in a dynamic environment.
• Skilled at presenting technical concepts to non-technical audiences.

• Highly competitive base pay
• Comprehensive medical, dental and disability benefits programs
• Group retirement savings program
• Health and wellness programs
• A diverse and inclusive culture that values opportunity for growth, development, and internal promotion