The Senior IT Security GRC Analyst (Global) is responsible for the governance, oversight, and lifecycle management of IT security risk across Olympus. This role ensures that security risks, controls, and responsibilities are identified, evaluated, managed, and clearly communicated in accordance with company policies, external regulations, and accepted industry standards.
This position operates as a senior, globally consistent IT security GRC role. While execution activities are distributed across regions, service providers, and technical teams, this role retains accountability for security risk governance, control framework alignment, exception management, and executive-level visibility.
The role functions as a leader by default, exercising judgment, influence, and authority without requiring formal people management, and serves as a trusted partner to IT, business, security operations, architecture, privacy, and assurance functions.
The Senior IT Security GRC Analyst (Global) is accountable for the following core responsibility areas. Responsibilities are global in scope, with execution assigned based on regional needs, maturity, and business priorities.
IT Security Governance and Policy Alignment
- Establish, maintain, and operationalize IT security governance structures aligned to Olympus policies and global standards.
- Ensure security-related policies, standards, and procedures are consistently interpreted and applied across regions and systems.
- Translate regulatory and framework requirements into actionable governance expectations for IT security.
Enterprise IT Security Risk Management
- Own the end-to-end lifecycle of IT security risk, including identification, assessment, prioritization, treatment tracking, escalation, and reporting.
- Support and escalate IT security risk acceptance decisions in alignment with the enterprise risk management model and defined approval thresholds.
- Maintain and govern the IT security risk register within approved GRC tooling.
- Evaluate security risks arising from systems, services, projects, third parties, and control gaps.
- Ensure material security risks are communicated upward in a timely and disciplined manner.
- Ensure material or unresolved IT security risks are escalated and made visible in accordance with established governance processes.
This role owns IT security risk. Enterprise-wide IT risk ownership and acceptance reside with IT Assurance.
Security Control Framework Ownership
- Own governance of IT security control frameworks (e.g., NIST, ISO), including control definition, mapping, and alignment to policy and regulatory requirements.
- Monitor and assess control effectiveness using evidence, metrics, and tool outputs.
- Validate security control effectiveness through evidence-based assessment methods aligned to recognized security frameworks.
- Govern security-related exception management, including documentation, risk evaluation, treatment tracking, and reporting.
- Partner with technical and operational teams responsible for control execution without assuming operational responsibility.
Third-Party and Supply Chain Risk Management
- Conduct and govern IT security risk assessments for third-party vendors and service providers.
- Analyze security posture, identify control gaps, and recommend risk treatment options.
- Track and report third-party security risks and remediation commitments.
- Support secure procurement and onboarding processes through a security risk lens.
Audit, Compliance, and Regulatory Enablement
- Support internal and external audits by providing security-focused evidence, analysis, and responses.
- Coordinate security-related audit activities, timelines, and stakeholder engagement.
- Ensure security control obligations are traceable, defensible, and audit-ready.
This role is not an audit function. Audit independence and ownership reside with IT Assurance.
Metrics, Reporting, and Risk Communication
- Interpret outputs from security and compliance tools to identify trends, risks, and control performance.
- Develop and maintain dashboards, KPIs, and executive-level reporting related to IT security risk.
- Translate technical security data into clear business-relevant insights for executive leadership.
Leadership, Stakeholder Engagement, and MSSP Oversight
- Act as a leader and representative of IT Security GRC across global and regional stakeholders.
- Direct and oversee MSSP activities within the defined GRC scope, ensuring alignment to governance expectations.
- Exercise judgment on escalation while maintaining proactive upward information sharing.
- Influence outcomes through collaboration, clarity, and accountability rather than hierarchy.
Why work at Olympus
At Olympus, we are committed to fostering a high-performing culture, a collaborative environment, and empowering everyone to shine. Our shared values—integrity, empathy, long-term view, agility, and unity—form the foundation of our culture and guide our behavior. These values ensure that our people feel they are making a meaningful difference every single day.
Joining Olympus means embarking on a meaningful, rewarding, and challenging career. In addition, you will enjoy access to a range of benefits, including:
- A competitive salary package: inclusive of AWS (Annual Wage Supplement) and a variable bonus.
- Hybrid work arrangements: Supporting flexibility and work-life balance.
- Health and Wellbeing Initiatives: Including annual medical checkups, dental benefits, and access to employee assistance programs (EAPs).
What we are looking for:
Education:
- A minimum of a Bachelor's degree in Information Security/Technology is preferred, or equivalent experience.
- Should hold at least one relevant security certification (e.g., CISM, CISSP, CISA, CRISC).
Experience:
- Minimum 8 years of relevant work experience (IT Security, GRC, etc.)
- At least 5 years of Lead/Manager experience.
- Thorough knowledge and understanding of cybersecurity frameworks such as ISO 27001/27002, NIST, COBIT, BCM, ITIL, GDPR, ITAR, SOX (J-SOX), and IT risk management.
Apply Now:
To submit your interest in this opportunity, select Apply for this job.
Want to know more?
Confidential discussions are welcome; contact our TA Partner.
Olympus is an Equal Opportunity Employer.
We are deeply committed to fostering a respectful, fair, and welcoming workplace for all individuals, perspectives, and lifestyles. We believe in fostering a nondiscriminatory, inclusive work environment where everyone feels a sense of belonging, in full compliance with legal standards. Empathy and unity are core to our company culture, empowering employees to contribute fully and flourish. We warmly encourage all who wish to bring their talents to Olympus to apply.