Governance, Risk, & Framework Analyst

CRH
5 hours ago
Full-time
On-site
Atlanta, GA

JobsCloseBy Editorial Insights

CRH is seeking a Governance, Risk & Framework Analyst in Atlanta, full-time onsite with a hybrid schedule, to join the Group Information Security team. You will shape global cyber risk programs for 150+ entities, roll out information security standards, lead third‑party due diligence, and drive audit remediation while reporting to the Governance, Risk and Frameworks Manager and supporting updates to the Global Information Security Council. Requirements include 3+ years in cybersecurity governance or risk within large global organizations, a relevant IT security degree, and professional certifications (CISSP, CISM, GIAC) preferred; RSA Archer and ISO 27001/NIST CSF experience are a plus. Tips: tailor your resume to show cross‑functional collaboration, measurable risk reductions, and strong stakeholder engagement; highlight audit, SOX, and framework alignment; emphasize adaptability for ambiguity; apply online with a complete profile.


 

 


Job ID:  525936
 

CRH is a leading global diversified building materials group, employing over 75,800 people at more than 3,160 locations in 29 countries. CRH is the leading building materials company in North America and the world. We manufacture and distribute a diverse range of superior building materials, products, and solutions, which are used extensively in construction projects of all sizes. 

 

Job Summary

 

As part of the Group Information Security team and reporting to the Governance, Risk and Frameworks Manager, the successful candidate will contribute to driving strategy and multi‑year program plans aimed at reducing overall cyber risk, while also supporting related Group reporting and governance requirements.

 

Given the increasing need for global alignment and continuous improvement across CRH, the role will work closely with Group, Divisional, and OpCo teams to ensure adherence to policy and best practices. The candidate will help drive standardization, tracking, and measurement of information security metrics and management across 150+ CRH entities, covering cyber governance, risk, best practice, and framework activities.

 

The role will involve extensive engagement across divisions, regions, and OpCo management on key work areas, contributing to programs that will be reported to the Global Information Security (Cyber) Council—chaired by the Group Finance Director and part of the Global Leadership Team (GLT). The outputs and progress tracking will form key components of the biannual Audit Committee updates and regular GLT updates.

 

Job Location

 

This role is based at our corporate office in the Perimeter area of Atlanta, GA, with a hybrid work schedule.

 

Job Responsibilities

 

  • Develop, implement, and continuously enhance global cyber risk assessment processes covering 150+ CRH entities, ensuring consistent reporting, oversight, and governance across the Group.
  • Develop, roll out, and support the adoption of information security standards and best practices across the Group, enabling local IT teams and functions to meet minimum security requirements.
  • Design and deploy the Group’s third-party due diligence assessment process.
  • Collaborate with Group, Divisional, and OpCo teams to identify, assess, mitigate, and monitor supplier-related risks.
  • Maintain, enhance, and support Group alignment with IEC/ISO 27001 accreditation requirements.
  • Provide advisory and consultancy support to OpCos and business units to strengthen their information security controls and practices.
  • In alignment with Financial Regulatory Controls (FRC) and Sarbanes-Oxley (SOX) reporting requirements, develop and support the execution of key entity-level cyber controls, including incident reporting and security awareness.
  • Partner closely with Group and Divisional teams—including Legal, Compliance, Finance, Risk, IT, and Internal Audit—to support the planning, execution, and remediation of internal and external audit findings across all cyber and IT audit areas.
  • Ensure timely follow-up and drive sustained improvements based on audit outcomes.

 

Job Requirements

 

  • Experience working or consulting within large, diverse global organizations, navigating differing needs, priorities, and maturity levels.
  • Strong team player with a track record of breaking down silos, fostering collaboration, and building shared visions across complex environments.
  • Exceptional interpersonal skills, with the ability to build trusted relationships at all levels of the organization.
  • Outcome-driven, with the ability to navigate challenges, resolve issues, and maintain momentum in multi-stakeholder initiatives.
  • Excellent written and verbal communication skills, able to clearly articulate technical concepts and processes to non-technical audiences.
  • Highly effective stakeholder engagement skills, capable of driving change within a matrixed organization and promoting governance, IT security standards, and framework adoption.
  • Strong analytical, reporting, and problem-solving abilities, with the capability to assess issues from multiple perspectives and develop “win-win” solutions.
  • Comfortable operating in environments of uncertainty, ambiguity, and change, exercising good judgement to make informed decisions and recommendations.
  • 3 or more years’ experience in cybersecurity governance and risk management, compliance/assurance, or IT security operations within large global organizations with diverse needs and priorities.
  • Third-level qualification (or equivalent) in Information Technology, Information Security, Engineering, or a related discipline.
  • Preferred: Professional security certifications such as CISSP, CISM, GCIH, GIAC (SANS), or equivalent. (Candidates actively working toward these certifications are also encouraged.)
  • Experience in developing, implementing, and supporting risk management and assurance frameworks (e.g., NIST CSF, IEC/ISO 27001).
  • Experience with GRC platforms—administration skills in tools such as RSA Archer are a strong plus.
  • Experience with eDiscovery tooling is an advantage.
  • Proficiency in an additional language is a plus, reflecting CRH’s global footprint.

 

What CRH Offers You

 

  • Highly competitive base pay
  • Comprehensive medical, dental and disability benefits programs
  • Group retirement savings program
  • Health and wellness programs
  • An inclusive culture that values opportunity for growth, development, and internal promotion

 

 

About CRH

 

CRH has a long and proud heritage. We are a collection of hundreds of family businesses, regional companies and large enterprises that together form the CRH family. CRH operates in a decentralized, diversified structure that allows you to work in a small company environment while having the career opportunities of a large international organization.

 

If you’re up for a rewarding challenge, we invite you to take the first step and apply today! Once you click apply now, you will be brought to our official employment application. Please complete your online profile and it will be sent to the hiring manager. Our system allows you to view and track your status 24 hours a day. Thank you for your interest!

 

CRH is an Affirmative Action and Equal Opportunity Employer.

 

EOE/Vet/Disability

 

CRH is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or any other characteristic protected under applicable federal, state, or local law. 

 

AI tools may be used in certain stages of the employment lifecycle, such as candidate review; however, all final employment decisions will be made by a person.