Topcon Positioning Group is headquartered in Livermore, California, USA. Topcon Positioning Group designs, manufactures and distributes precise positioning products and solutions for the global surveying, construction, agriculture, civil engineering, BIM, mapping and GIS, asset management and mobile control markets.
To learn more about Topcon career opportunities go to .
Summary
Topcon's Global Information Security team is looking for an experienced Security and Compliance Analyst who will be the lead for the GRC function.
The Security and Compliance Analyst will be responsible for control framework compliance oversight and execution of governance activities, including auditing. The selected candidate will prioritize and track security and compliance risk issues, guide internal and external stakeholders on mitigation, identify risks that increase loss probability, and communicate the security posture to the leadership team. The candidate will act as a subject matter expert for Security Governance, Risk, and Compliance.
Responsibilities
- Measure effectiveness of compliance by conducting routine and focused audits of policy/procedure adherence and ensuring a compliance feedback/prevention process that uses the results of both internal and external audits and investigations to develop, revise and strengthen new and/or existing policies, procedures, and relevant employee training.
- Be responsible for third party risk assessments: assessing controls, processes, and/or systems to identify the threats and vulnerabilities that lead to a risk.
- Assist with the investigation, auditing, review, and analysis of general compliance, HIPAA Privacy, and other matters to help ensure compliance with internal policies.
- Assist with the development, update, revision, and/or implementation of compliance policies, procedures, and practices for general compliance and operations.
- Participate in risk assessments of applications, infrastructure, business, and technology vendors against a defined risk framework. These assessments will be conducted either through a formalized risk assessment program or through other risk reporting activities.
Qualifications
- Bachelor's degree.
- Expected 4-5 or more years of experience in cross-functional audit, risk, compliance and/or information security disciplines.
- Subject matter expertise in various frameworks, including but not limited to SOX, PCI, HIPAA, ISO 27001 and COBIT.
- Knowledge and experience of HIPAA Privacy and Security Requirements, HITRUST, or SOC 1/2 type audits.
- Strong understanding of security frameworks and standards such as NIST, ISO 27001 and HIPAA, and of other relevant regulations such as GDPR.
- Ability to work independently, in a team, and cross-organizationally to analyze and communicate opportunities for strategic compliance improvements.
- Critical thinking, productivity, and strong attention to detail.
- Strong listening and written/verbal communication skills.
- Experience in project management, along with organizational and planning skills.
- Technical experience implementing controls and assessing processes for various applications and technologies (e.g., SAP, PeopleSoft, Oracle, SQL, Azure DevOps, AWS, Windows, Linux, Service Now, CI/CD processes, etc.).