Senior Governance Risk and Compliance Analyst

Lincoln Electric is the world leader in the engineering, design, and manufacturing of advanced arc welding solutions, automated joining, assembly and cutting systems, plasma and oxy-fuel cutting equipment, and has a leading global position in brazing and soldering alloys. Lincoln is recognized as the Welding Expert™ for its leading materials science, software development, automation engineering, and application expertise, which advance customers' fabrication capabilities to help them build a better world. Headquartered in Cleveland, Ohio, Lincoln Electric is a $4.2B publicly traded company (NASDAQ:LECO) with over 11,000 employees around the world, with operations in 71 manufacturing and automation system integration locations across 21 countries and maintains a worldwide network of distributors and sales offices serving customers in over 160 countries.

 Location: Remote - Virginia - Cleveland, OH, United States (US)
Employment Status: Salary Full-Time
Function: Information Technology
Req ID: 25352 

Summary:

Important Note: This position requries U.S. Citizenship and candidates must currently be working in the United States.

The Technical Lead - IT Compliance will be responsible for ensuring that our company's IT systems, processes and information assets are protected in accordance with all relevant regulations and standards, such as SOX, NIST, CMMC, GDPR, ISO, AND TISAX. This role involves providing technical leadership, expertise, design and implementation of comploiance programs for new regulations.  This person will also provide guidance and technical design expertise on compliance initiatives, conducting audits and assessments, responding to cybersecurity questionnaires, supporting IT team members and mentoring IT GRC analysts.  This role is part of a team of GRC professionals, collaborates with cross-functional teams, and implements robust strategies to maintain and enhance our compliance posture.  Proven and previous program design and implementation experience is a MUST.  

What You Will Do: 

Cross-Functional Collaboration

• Work closely with enterprise technology, risk management, cybersecurity, and business teams to integrate compliance practices and align with industry standards.
• Collaborate with stakeholders across the organization to ensure a clear understanding of compliance requirements and alignment with business goals.
• Establish and maintain strong relationships with stakeholders across technology, compliance, cybersecurity, audit, HR and third-party vendors.
• Work with internal/external auditors, regulators, business stakeholders and other functional areas such as Legal, Compliance and HR.
• Provide guidance and support to other members of the IT team on compliance-related issues.

Compliance Frameworks and Process

• Maintain and enhance compliance assessment toolkits for testing and validation
• Play a critical role in leading the development, implementation, and maintenance of comprehensive GRC strategies aligned with CMMC, SOX, ISO 27001, and TISAX standards.
• Provide technical expertise in GRC practices, focusing on CMMC, SOX, ISO 27001, and TISAX frameworks.
• Develop, document, and implement IT compliance processes, procedures, and standards.
• Stay up-to-date with changes in regulations, standards, and emerging regulatory requirements and ensure compliance.
• Provide technical leadership for compliance projects.
• Manage and maintain compliance-related documentation and records.    
• Serve as a subject matter expert (SME) for GRC-related matters, guiding the team and organization in compliance best practices.
•  Drive continuous improvement initiatives to enhance the efficiency and effectiveness of compliance processes and controls.
•  Leverage automation and technology to streamline compliance activities and reporting.

Audits and Assessments

• Conduct regular audits and assessments to verify compliance with all applicable regulations and standards.
• Regularly assess and update the organization's compliance programs, policies, and procedures to meet changing regulatory landscapes.
• Conduct regular risk assessments to identify potential compliance vulnerabilities and gaps.
• Develop and implement risk mitigation plans to address identified issues and minimize exposure to compliance risks.
• Collaborate with internal audit teams to support compliance audits and assessments.
• Oversee the response process for customer cybersecurity inquiries, vendor questionnaires and compliance questionnaires.
• Develop and deliver relevant KPIs and metrics for management consumption.
• Evaluate security controls and identify opportunities for improvement and communicate recommendations.
• Identify and implement improvements to increase efficiency of the compliance program and processes.
• Collaborate with the Lead, IT Policy and Security Awareness to develop and deliver training programs on IT compliance for employees across the organization.

Required Experience & Education: 

• Must be a US Citizen and currently working in the United States
• Bachelor's degree in Computer Science, Information Security, or related field.
• 5+ years of experience in IT compliance, with experience in SOX, NIST, CMMC, GDPR, and ISO.
• Strong knowledge of relevant regulations and standards, such as SOX, NIST, CMMC, GDPR, ISO and TISAX.
• Strong understanding of IT and cybersecurity principles, risk management, and compliance best practices.
• Proven track record of leading and managing GRC initiatives and teams.
• Experience developing and implementing IT compliance programs, processes, procedures, and standards.
• Wide-ranging knowledge in technical infrastructure and applications, from legacy through next generation.
• Excellent project management, personal and organizational skills.
• Excellent communication and interpersonal skills.
• CISA, CGRC, CRISC, CIPP, CGEIT, or CISSP are required.
• Familiarity with relevant compliance management software and tools.

Lincoln Electric is an Equal Opportunity Employer. We are committed to promoting equal employment opportunity for applicants, without regard to their race, color, national origin, religion, sex (including pregnancy, childbirth, or related medical conditions, including, but not limited to, lactation), sexual orientation, gender identity, age, veteran status, disability, genetic information, and any other category protected by federal, state, or local law.