We have a newly created opportunity for a Sr. GRC Cybersecurity Analyst to join our IT Team. This role is working on-site and can be based out of our headquarters office in Milwaukee, WI or Chicago, IL. In this role you will have responsibility for assessing cyber risks that could affect the integrity/confidentiality of data, systems, or services of the company, recommending appropriate mitigation solutions, driving security initiatives to strengthen organization security posture, developing security policies, standards, and procedures, ensuring that Komatsu complies with industry regulations, laws, and internal policies, analyzing vulnerability remediation efforts, and evangelizing cybersecurity governance, risk and compliance to the broader business. You will partner closely with our Technical Security, Audit, and Legal teams.

• Perform internal risks assessments and recommend appropriate security controls.
• Collaborate with cross-functional teams to integrate security controls into the development and implementation of new systems, applications, and processes.
• Analyze technical controls to ensure that security and compliance requirements are met.
• Make recommendations to enhance or improve our cybersecurity posture and drive implementation efforts.
• Verify documented processes, procedures, and standards to validate maintenance of secure configurations.
• Develop automation to drive compliance for required security tools.
• Track enterprise compliance across multiple security frameworks such as CIS, SOC 2 and NIST and maintain up-to-date records of requirements and corresponding mitigating controls.
• Drive any improvement plans and remediation activities following a cybersecurity incident.
• Develop key performance metrics to track and ensure compliance with established policies and standards.
• Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance group.
• Support the entire vulnerability lifecycle, from discovery to assessment, reporting, remediation tracking, and validation.
• Serve as a liaison between IT and internal audit teams
• Provide assistance for ediscovery and/or forensic requests

• Bachelor's Degree in Computer Science, Information Systems, other related fields.
• 5+ years of experience in Information Security and/or Data Privacy Compliance positions
• Knowledge and understanding of CIS, NIST, ISO27K and SOC-2 information security standards.
• Excellent communication, interpersonal skills, especially the translation of cybersecurity and privacy concepts to both executive and IT or developer-level audiences.
• Ability to maintain security documentation and manuals
• Strong understanding of security fundamentals and general security technologies
• Experience with vulnerability management programs
• Ability to communicate with all levels of the business verbally and in writing
• Knowledge of data privacy regulatory requirements (CCPA, GDPR, POPI, LGDP, etc.)
• Industry certifications such as CISSP, CISM, CISA or CRISC a plus.