Job Title: Cyber Risk Analyst
Location: Portland, Oregon
Reporting to: Global Director of Governance, Risk & Compliance (US - Pacific)
Business Unit: Corporate Cyber Security
Job Description Role:
Trimble is transforming the way the world works by delivering products and services that connect the physical and digital worlds. Core technologies in positioning, modeling, connectivity, and data analytics enable customers to improve productivity, quality, safety, and sustainability. From purpose-built products to enterprise lifecycle solutions, Trimble software, hardware and services are transforming a broad range of industries such as agriculture, construction, geospatial and transportation and logistics.
To improve integrity between the physical and digital worlds, Governance, Risk and Compliance (GRC) facilitates the integrated collection of capabilities necessary to support connected performance. GRC does not burden the business; it supports and improves it by adding value through establishing efficiencies, centralizing policy and fostering risk reduction to maintain Trimble brand equity. GRC resides within the corporate Trimble Cybersecurity team.
To be considered for this position, you must be familiar with security frameworks (e.g., CIS, NIST, CSF, BSIMM), software development practices, quality assurance (QA) and program practices including Agile, security control auditing, vendor security assessments, vulnerability remediation, risk scoring, automation through scripting, system administration, data analysis, troubleshooting, event correlation and creative problem solving.
You are a self-motivated, technical, and versatile individual contributor looking to fill a Cyber Security Risk Analyst role by joining a diverse and collaborative international cyber security team for a large, dynamic, publicly traded company. You will be responsible for helping to secure Trimble's product portfolio and Enterprise systems. You will be a crucial member of our GRC organization, working to reduce risk and improve Governance, Risk and Compliance workflow across the enterprise.
The role requires an individual who works well independently or as part of a global team by adding value through managing risk discovery, analysis, scoring, disclosure, and reduction.
* Contribute to risk management processes to ensure business risk posture is properly calculated and proactively managed
* Track and maintain corporate risk registers and contribute to producing regular risk metrics, dashboards, and reports
* Perform support ticket analysis, triage, and escalation
* Identify opportunities for risk management and process automation. Develop proposals and implement improvements through approved automations.
* Collaborate with security team members and business unit staff across multiple international sites
* Produce and analyze information that will accurately demonstrate the risk posture of each business and drive actions to reduce and manage technical risks.
* Be able to understand and communicate technical risks to a broad set of stakeholders. Must be able to adjust delivery to the audience.
The Trimble Cyber Security team serves the entire organization. Trimble is divided into several business-focused Sectors and Divisions. This role will communicate with:
* The Global Cyber Security, IT and GRC teams
* Corporate leadership (Division & Sector)
* Divisional Cyber Security representatives
* Software development managers and team leads
* Other staff as required
* No customer facing communication required
Skills / Competencies:
* Comprehensive understanding of risk management standards and guidelines.
* Enterprise IT knowledge (networking, cloud computing, software development)
* Familiarity with development security frameworks (e.g., SSDLC, OWASP, SSDF)
* A passion for user-centric information that is clear and actionable, and attention to detail focused on delivering accurate and creative metrics
* Ability to make effective, timely decisions with clear reasoning
* Ability to quickly establish a broad understanding of an issue with limited available information and outline the steps required to bring it to a successful conclusion
* Effective communication skills (verbal and written) and time management skills
* Flexible approach to working in a changing environment and ability to work well under pressure with dynamically changing priorities
* Ability to work as part of a collaborative global team and to remain resilient in seeing tasks through to conclusion
Qualifications / Experience:
* A relevant degree in Information Science, Computer Science or Engineering (Software or Electrical)
* Current security certifications (e.g., CISSP, CEH, GSEC, GCIA)
* 4 years' experience in a risk management role, information security role or systems engineer/administrator role in a large, international software company
* Hands-on admin-level experience with business and GRC tools such as: Jira Service Desk; Tenable; WhiteSource; CrowdStrike; OneTrust; Splunk
* Demonstrated experience in collating information from disparate data sources
* Expert-level experience with Windows and Linux/Unix operating systems
* Advanced-level scripting skills in PowerShell, Python, Bash, Perl with proven examples of successful process automation. This is a critical skill.
Trimble Inc. is proud to be an Equal Opportunity and Affirmative Action Employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, status as a covered veteran in accordance with applicable federal, state and local laws, or any other protected factor. EOE/M/F/V/D