Governance, Risk & Frameworks Analyst - Dublin

Country: Ireland
City: Dublin
Req ID: 521439
Job Type: Full Time
Workplace Type: Hybrid
Seniority Level: Associate

About CRH

CRH is the leading provider of building materials critical to modernizing infrastructure. with out team of 83,000 people across 4,000 locations, our unmatched scale, connected portfolio, and deep local relationships make us the partner of choice for transportation, water, and reindustrialization projects, shaping communities for a better tomorrow. CRH (NYSE: CRH) is a member of the S&P 500 Index. For more information, visit www.crh.com .

Without you noticing our products, we are everywhere you live, work, and relax.

Our project portfolio includes some of the most sustainable and cutting-edge building projects around the world. Think of the asphalt on the Silverstone Grand Prix Circuit, the Paris Metro Rail project, but also the Louis Vuitton Museum in Paris, parts of the Burj Khalifa, and the Kennedy Space Centre.

As part of the Group Information Security team, the successful candidate will contribute to driving strategy and multi‑year programme plans aimed at reducing overall cyber risk, while also supporting related Group reporting and governance requirements.

Given the increasing need for global alignment and continuous improvement across CRH, the role will work closely with Group, Divisional, and OpCo teams to ensure adherence to policy and best practices. The candidate will help drive standardisation, tracking, and measurement of information security metrics and management across 150+ CRH entities, covering cyber governance, risk, best practice, and framework activities.

The role will involve extensive engagement across divisions, regions, and OpCo management on key work areas, contributing to programmes that will be reported to the Global Information Security (Cyber) Council-chaired by the Group Finance Director and part of the Global Leadership Team (GLT). The outputs and progress tracking will form key components of the biannual Audit Committee updates and regular GLT updates.

This position will report into the Governance, Risk and Frameworks Manager.

Key Responsibilities:

The candidate will own work delivery in specific domains and support multiple work areas:

Global Governance & Risk Reporting

• Develop, implement, and continuously enhance global cyber‑risk assessment processes covering 150+ CRH entities, ensuring consistent reporting, oversight, and governance across the Group.

• Develop, roll out, and support the adoption of information security standards and best practices across the Group, enabling local IT teams and functions to meet minimum security requirements.

• Design and deploy the Group's third‑party due‑diligence assessment process.
• Collaborate with Group, Divisional, and OpCo teams to identify, assess, mitigate, and monitor supplier‑related risks.

• Maintain, enhance, and support Group alignment with IEC/ISO 27001 accreditation requirements.
• Provide advisory and consultancy support to OpCos and business units to strengthen their information security controls and practices.

• In alignment with Financial Regulatory Controls (FRC) and Sarbanes‑Oxley (SOX) reporting requirements, develop and support the execution of key entity‑level cyber controls, including incident reporting and security awareness.

• Partner closely with Group and Divisional teams-including Legal, Compliance, Finance, Risk, IT, and Internal Audit-to support the planning, execution, and remediation of internal and external audit findings across all cyber and IT audit areas.
• Ensure timely follow‑up and drive sustained improvements based on audit outcomes.

• Experience working or consulting within large, diverse global organisations, navigating differing needs, priorities, and maturity levels.
• Strong team player with a track record of breaking down silos, fostering collaboration, and building shared visions across complex environments.
• Exceptional interpersonal skills, with the ability to build trusted relationships at all levels of the organisation.
• Outcome‑driven, with the ability to navigate challenges, resolve issues, and maintain momentum in multi‑stakeholder initiatives.
• Excellent written and verbal communication skills, able to clearly articulate technical concepts and processes to non‑technical audiences.
• Highly effective stakeholder engagement skills, capable of driving change within a matrixed organisation and promoting governance, IT security standards, and framework adoption.
• Strong analytical, reporting, and problem‑solving abilities, with the capability to assess issues from multiple perspectives and develop "win‑win" solutions.
• Comfortable operating in environments of uncertainty, ambiguity, and change, exercising good judgement to make informed decisions and recommendations.

• 3-5 years' experience in cybersecurity governance and risk management, compliance/assurance, or IT security operations within large global organisations with diverse needs and priorities.
• Third‑level qualification (or equivalent) in Information Technology, Information Security, Engineering, or a related discipline.
• Preferred: Professional security certifications such as CISSP, CISM, GCIH, GIAC (SANS), or equivalent. (Candidates actively working toward these certifications are also encouraged.)
• Experience in developing, implementing, and supporting risk management and assurance frameworks (e.g., NIST CSF, IEC/ISO 27001).
• Experience with GRC platforms-administration skills in tools such as RSA Archer are a strong plus.
• Experience with eDiscovery tooling is an advantage.
• Proficiency in an additional language is a plus, reflecting CRH's global footprint.

• A culture that values opportunity for growth, development, and internal promotion
• Highly competitive salary package
• Comprehensive secondary benefits
• Significant contribution to your pension plan
• Health and wellness programs, including an on-site gym and fitness classes
• Excellent opportunities to develop and progress with a global organization