Governance Risk and Compliance Analyst - Kiewit Technology Group
Omaha, NE, US
Requisition ID: 170092
Job Level: Mid Level
Home District/Group: DHO Information Technology Group
Department: Technology Group
Market: Corporate Home Office
Employment Type: Full Time
Position Overview
The Governance Risk and Compliance Analyst will play a crucial role in ensuring the security, compliance, and operational efficiency of our organization's IT systems. They will be responsible for implementing and maintaining a robust continuous monitoring program to identify and address security and compliance risks promptly. This role requires a strong understanding of IT security, audit processes, and the ability to work collaboratively with cross-functional teams.
District Overview
Kiewit Technology Group (KTG) builds solutions to enable and support a $12.5 billion company. Our mission is to deliver project schedule and cost certainty by employing technology designed by and for the construction industry. Our team deploys technology solutions to the field and home office departments that increase profitability by maximizing the way we use our people and resources in daily operations. KTG uses systems and tools that manage every part of Kiewit’s business and lifecycle of a project to improve planning and day-to-day execution in the field by giving our people real-time data to make faster, smarter decisions. When you join KTG, you will make an impact on the critical work we do every day.
Location
This position is located at our office at 12720 I Street, Omaha, NE. Work schedule is Monday - Thursday, with the option to work remotely on Fridays.
Responsibilities
This position is part of the team responsible for establishing and maintaining an enterprise Information Security Governance, Risk and Compliance vision, strategy and program.
• Continuous Monitoring: Develop and maintain a continuous monitoring framework to track and analyze IT security controls, vulnerabilities, and compliance with industry standards and regulations.
• Risk Assessment: Identify and assess IT security risks, vulnerabilities, and weaknesses in systems, networks, and applications. Provide recommendations for risk mitigation.
• Compliance: Ensure that the organization adheres to relevant regulatory requirements such as ISO 27001:2013 and NIST 800-171, industry standards, and internal policies. Conduct audits and assessments to confirm compliance.
• Auditing and Reporting: Conduct regular audits of IT systems, policies, and procedures. Prepare comprehensive audit reports with findings, recommendations, and action plans for management.
• Security Awareness: Promote IT security awareness and best practices among employees. Provide training and guidance on security measures.
• Documentation: Maintain accurate records of audit findings, remediation efforts, and compliance status. Ensure documentation is up-to-date and easily accessible.
• Vendor and Technology Evaluation: Stay informed about emerging technologies and security threats. Evaluate new vendors, tools and solutions that can ensure compliance with security requirements.
• Collaboration: Work closely with IT teams, including network administrators, system administrators, and developers, to implement security controls and address vulnerabilities.
Qualifications
• Minimum 3 years’ experience in IT Audit or Security Audit.
• Bachelor’s degree in Cyber Security or an IT-related field preferred.
• Relevant professional certifications such as CISA, CISSP, or CRISC are a plus.
• Strong knowledge of IT security frameworks, compliance standards (e.g., ISO 27001, NIST 800-171), and regulatory requirements.
• Familiarity with security tools and technologies, including SIEM systems.
• Demonstrate solid knowledge of technology processes, risks and issues, including within infrastructure, information security, SDLC and Enterprise Service Management, utilizing various IT controls frameworks.
• Capable of identifying, evaluating, and mitigating significant risks within an enterprise.
• Possess strong influencing, negotiating, and relationship-building skills.
• Strong oral and written communication skills and the ability to work well with people from many different disciplines with varying degrees of technical experience.
• Possess strong analytical skills and attention to detail.
• Must be able to work independently and as part of a team.
• Must have excellent verbal and written communication skills.
Other Requirements:
• Regular, reliable attendance
• Work productively and meet deadlines in a timely manner
• Communicate and interact effectively and professionally with supervisors, employees, and others individually or in a team environment.
• Perform work safely and effectively. Understand and follow oral and written instructions, including warning signs, equipment use, and other policies.
• Work during normal operating hours to organize and complete work within given deadlines. Work overtime and weekends as required.
We offer our full-time staff employees a comprehensive benefits package that’s among the best in our industry, including top-tier medical, dental and vision plans covering eligible employees and dependents, voluntary wellness and employee assistance programs, life insurance, disability, retirement plans with matching, and generous paid time off.
We are an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.