Cybersecurity GRC Specialist - Assessment and Tracking

General information about the project:

Hitachi Energy portfolio includes some of the most advanced and powerful products and systems, and Cybersecurity for us is a pervasive quality integrating across all domains, from core IT, factories, business all the way to products and services. Understanding Cybersecurity as pervasive will help us work more efficiently.

Cybersecurity team is growing and is seeking a Cybersecurity Specialist - GRC with a focus on assessments and tracking. As a Cybersecurity Specialist GRC Assessment/Tracking, you will contribute to the further development of our Cybersecurity portfolio and will independently conduct consulting and assessment engagements.

Successful candidate should have energy, discipline, and the motivation to succeed.

• You will contribute to Hitachi Energy Cybersecurity Governance Framework, and to the further development of Cybersecurity validation and assessment services, applying and incorporating relevant standards of Hitachi, the industry and other applicable regulation, as assigned.
• You will independently conduct consulting and assessment engagements with different counterparts in and outside of Hitachi Energy.
• In interaction with counterparts, and in line with our Risk Management Framework, you will drive findings and observations to completion, including status tracking and reporting.
• You will advise counterparts on activities such as risk treatment options, remediations, mitigations, assess adequacy and raise next steps as needed.
• You will work closely with domain and process custodians to identify Cybersecurity control processes and associated ownership.
• Living core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business.
• You provide leadership to temporary work teams, guiding and monitoring task completion, sharing expert knowledge and advice normally without carrying line responsibility.

• Relevant University Degree and 8+ years relevant experience in Information Security governance, risk management and compliance in large, global organizations (consulting, audit or industry/operations), preferably covering industry and project experience.
• Experience in establishing and maintaining a Cybersecurity governance framework.
• Experience in Risk Management and Consulting definition and implementation; ability to execute with minimal supervision.
• Experience to operate in an international environment; limited travel (20%) as required.
• Knowledge of relevant security standards such as ISO27001/2, NIST CSF, CIS controls v8, ITIL required.
• Experience with GRC tools a plus.
• In-depth knowledge of the ISO 27001:2013 and ISO 27001:2022 standard as well as the ISO 27000 family of standards, including ISO 27005, citing specific roles and responsibilities.
• Information Security/Risk Management certification (CISA, CISM, CISSP, CRISC...) required.
• Project Management certification a plus.
• Fluency in verbal English and excellent English writing skills are essential.