CRH PLC

Governance, Risk, & Framework Analyst

CRH PLC$80K — $110K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3+ years of experience in cybersecurity governance and risk management within large global organizations.
  • Strong team-oriented mindset with collaborative problem-solving skills.
  • Exceptional communication skills, catering to technical and non-technical audiences.
  • Proven stakeholder engagement abilities in a matrixed environment.
  • Third-level qualification in IT, Information Security, Engineering or similar field.
  • Preferred credentials include CISSP, CISM, GCIH, or GIAC, or progress toward these certifications.
  • Experience with risk management frameworks like NIST CSF or IEC/ISO 27001.

Responsibilities

  • Develop and enhance global cyber risk assessment processes for 150+ entities.
  • Implement and support information security standards across the Group.
  • Design and manage the third-party due diligence assessment process.
  • Collaborate to evaluate and mitigate supplier-related risks.
  • Ensure alignment with IEC/ISO 27001 accreditation criteria.
  • Provide consultancy support to improve security controls for business units.
  • Execute key cyber controls in line with FRC and SOX requirements.

Benefits

  • Comprehensive medical, dental, and disability benefits programs.
  • Group retirement savings program.
  • Health and wellness programs.
  • Opportunities for growth, development, and internal promotion.
  • An inclusive corporate culture.
Full Job Description
Governance, Risk, & Framework Analyst

CRH Americas Corporate

Atlanta, Georgia, United States

Job ID: 525936

Job Summary

As part of the Group Information Security team and reporting to the Governance, Risk and Frameworks Manager, the successful candidate will contribute to driving strategy and multi-year program plans aimed at reducing overall cyber risk, while also supporting related Group reporting and governance requirements.

Given the increasing need for global alignment and continuous improvement across CRH, the role will work closely with Group, Divisional, and OpCo teams to ensure adherence to policy and best practices. The candidate will help drive standardization, tracking, and measurement of information security metrics and management across 150+ CRH entities, covering cyber governance, risk, best practice, and framework activities.

The role will involve extensive engagement across divisions, regions, and OpCo management on key work areas, contributing to programs that will be reported to the Global Information Security (Cyber) Council-chaired by the Group Finance Director and part of the Global Leadership Team (GLT). The outputs and progress tracking will form key components of the biannual Audit Committee updates and regular GLT updates.

Job Location

This role is based at our corporate office in the Perimeter area of Atlanta, GA - hybrid work schedule

Job Responsibilities

  • Develop, implement, and continuously enhance global cyber risk assessment processes covering 150+ CRH entities, ensuring consistent reporting, oversight, and governance across the Group.
  • Develop, roll out, and support the adoption of information security standards and best practices across the Group, enabling local IT teams and functions to meet minimum security requirements.
  • Design and deploy the Group's third-party due diligence assessment process.
  • Collaborate with Group, Divisional, and OpCo teams to identify, assess, mitigate, and monitor supplier related risks.
  • Maintain, enhance, and support Group alignment with IEC/ISO 27001 accreditation requirements.
  • Provide advisory and consultancy support to OpCos and business units to strengthen their information security controls and practices.
  • In alignment with Financial Regulatory Controls (FRC) and Sarbanes Oxley (SOX) reporting requirements, develop and support the execution of key entity level cyber controls, including incident reporting and security awareness.
  • Partner closely with Group and Divisional teams-including Legal, Compliance, Finance, Risk, IT, and Internal Audit-to support the planning, execution, and remediation of internal and external audit findings across all cyber and IT audit areas.
  • Ensure timely follow up and drive sustained improvements based on audit outcomes.


Job Requirements

  • Experience working or consulting within large, diverse global organizations, navigating differing needs, priorities, and maturity levels.
  • Strong team player with a track record of breaking down silos, fostering collaboration, and building shared visions across complex environments.
  • Exceptional interpersonal skills, with the ability to build trusted relationships at all levels of the organization.
  • Outcome driven, with the ability to navigate challenges, resolve issues, and maintain momentum in multi stakeholder initiatives.
  • Excellent written and verbal communication skills, able to clearly articulate technical concepts and processes to non-technical audiences.
  • Highly effective stakeholder engagement skills, capable of driving change within a matrixed organization and promoting governance, IT security standards, and framework adoption.
  • Strong analytical, reporting, and problem-solving abilities, with the capability to assess issues from multiple perspectives and develop "win-win" solutions.
  • Comfortable operating in environments of uncertainty, ambiguity, and change, exercising good judgement to make informed decisions and recommendations.
  • 3 or more years' experience in cybersecurity governance and risk management, compliance/assurance, or IT security operations within large global organizations with diverse needs and priorities.
  • Third level qualification (or equivalent) in Information Technology, Information Security, Engineering, or a related discipline.
  • Preferred: Professional security certifications such as CISSP, CISM, GCIH, GIAC (SANS), or equivalent. (Candidates actively working toward these certifications are also encouraged.)
  • Experience in developing, implementing, and supporting risk management and assurance frameworks (e.g., NIST CSF, IEC/ISO 27001).
  • Experience with GRC platforms-administration skills in tools such as RSA Archer are a strong plus.
  • Experience with eDiscovery tooling is an advantage.
  • Proficiency in an additional language is a plus, reflecting CRH's global footprint.


What CRH Offers You

  • Highly competitive base pay
  • Comprehensive medical, dental and disability benefits programs
  • Group retirement savings program
  • Health and wellness programs
  • An inclusive culture that values opportunity for growth, development, and internal promotion


If you're up for a rewarding challenge, we invite you to take the first step and apply today! Once you click apply now, you will be brought to our official employment application. Please complete your online profile and it will be sent to the hiring manager. Our system allows you to view and track your status 24 hours a day. Thank you for your interest!

About CRH PLC

CRH plc is a leading global building materials company headquartered in Dublin, Ireland. The company operates in 31 countries with a primary focus on Europe and North America. CRH produces and supplies a range of integrated building materials, products and innovative solutions which are used in construction projects ranging from large, infrastructural projects to residential buildings. The company's product portfolio includes cement, aggregates, asphalt, readymixed concrete, roofing and other building materials. CRH is committed to sustainable development and has set ambitious targets to reduce its carbon footprint and improve its environmental performance. The company is listed on the London Stock Exchange and the Irish Stock Exchange.
Learn more about CRH PLC
Size
77,446 employees
Market Cap
$29.5 billion
Industry
Net Income
$1.1 billion
5 Year Trend
+3.3%
Revenue
$27.5 billion
NASDAQ

Similar Jobs

More Jobs at CRH PLC

More Information Technology Jobs

Find similar Governance, Risk, & Framework Analyst jobs: