Governance, Risk & Frameworks Analyst - Dublin
CRH is the leading provider of building materials critical to modernizing infrastructure.
With a team of 83,000 people across 4,000 locations, our unmatched scale, connected portfolio, and deep local relationships make us the partner of choice for transportation, water, and reindustrialization projects, shaping communities for a better tomorrow.
CRH (NYSE: CRH) is a member of the S&P 500 Index.
Without our products, we are everywhere you live, work, and relax.
Our project portfolio includes some of the most sustainable and cutting-edge building projects around the world, from the asphalt on the Silverstone Grand Prix Circuit to the Paris Metro Rail project, the Louis Vuitton Museum in Paris, parts of the Burj Khalifa, and the Kennedy Space Centre.
Country:
Ireland
City:
Dublin
Req ID:
******
Job Type:
Full Time
Workplace Type:
Hybrid
Seniority Level:
Associate
As part of the Group Information Security team, the successful candidate will contribute to driving strategy and multi-year programme plans aimed at reducing overall cyber risk, while also supporting related Group reporting and governance requirements.
Given the increasing need for global alignment and continuous improvement across CRH, the role will work closely with Group, Divisional, and OpCo teams to ensure adherence to policy and best practices.
The candidate will help drive standardisation, tracking, and measurement of information security metrics and management across 150+ CRH entities, covering cyber governance, risk, best practice, and framework activities.
The role will involve extensive engagement across divisions, regions, and OpCo management on key work areas, contributing to programmes that will be reported to the Global Information Security (Cyber) Council—chaired by the Group Finance Director and part of the Global Leadership Team (GLT).
The outputs and progress tracking will form key components of the biannual Audit Committee updates and regular GLT updates.
This position will report into the Governance, Risk and Frameworks Manager.
Key Responsibilities
Global Governance & Risk Reporting
Develop, implement, and continuously enhance global cyber-risk assessment processes covering 150+ CRH entities, ensuring consistent reporting, oversight, and governance across the Group.
Global Information Security Standards
Develop, roll out, and support the adoption of information security standards and best practices across the Group, enabling local IT teams and functions to meet minimum security requirements.
Third-Party Risk Management
Design and deploy the Group's third-party due-diligence assessment process.
Collaborate with Group, Divisional, and OpCo teams to identify, assess, mitigate, and monitor supplier-related risks.
Group Information Security Management System (ISMS)
Maintain, enhance, and support Group alignment with IEC/ISO ***** accreditation requirements.
Provide advisory and consultancy support to OpCos and business units to strengthen their information security controls and practices.
Cyber Entity-Level Controls
In alignment with Financial Regulatory Controls (FRC) and Sarbanes-Oxley (SOX) reporting requirements, develop and support the execution of key entity-level cyber controls, including incident reporting and security awareness.
Audit Collaboration & Issue Resolution
Partner closely with Group and Divisional teams—including Legal, Compliance, Finance, Risk, IT, and Internal Audit—to support the planning, execution, and remediation of internal and external audit findings across all cyber and IT audit areas.
Ensure timely follow-up and drive sustained improvements based on audit outcomes.
Key Characteristics
Experience working or consulting within large, diverse global organisations
, navigating differing needs, priorities, and maturity levels.
Strong team player
with a track record of breaking down silos, fostering collaboration, and building shared visions across complex environments.
Exceptional interpersonal skills
, with the ability to build trusted relationships at all levels of the organisation.
Outcome-driven
, with the ability to navigate challenges, resolve issues, and maintain momentum in multi-stakeholder initiatives.
Excellent written and verbal communication skills
, able to clearly articulate technical concepts and processes to non-technical audiences.
Highly effective stakeholder engagement skills
, capable of driving change within a matrixed organisation and promoting governance, IT security standards, and framework adoption.
Strong analytical, reporting, and problem-solving abilities
, with the capability to assess issues from multiple perspectives and develop "win-win" solutions.
Comfortable operating in environments of uncertainty, ambiguity, and change
, exercising good judgement to make informed decisions and recommendations.
Education and Experience
3–5 years' experience
in cybersecurity governance and risk management, compliance/assurance, or IT security operations within large global organisations with diverse needs and priorities.
Third-level qualification (or equivalent)
in Information Technology, Information Security, Engineering, or a related discipline.
Preferred:
Professional security certifications such as
CISSP, CISM, GCIH, GIAC (SANS)
, or equivalent.
(Candidates actively working toward these certifications are also encouraged.)
Experience in developing, implementing, and supporting
risk management and assurance frameworks (e.g.,
NIST CSF
,
IEC/ISO *****
).
Experience with GRC platforms
—administration skills in tools such as
RSA Archer
are a strong plus.
Experience with eDiscovery tooling
is an advantage.
Proficiency in an additional language
is a plus, reflecting CRH's global footprint.
What CRH Offers You
A culture that values opportunity for growth, development, and internal promotion
Highly competitive salary package
Comprehensive secondary benefits
Significant contribution to your pension plan
Health and wellness programs, including an on-site gym and fitness classes
Excellent opportunities to develop and progress with a global organization
Please introduce yourself and send us your application.
If this role is not for you, but you know someone who would love to join the team, please let us know!
CRH finds it important that vacancies are shared to individuals that may find them interesting and/or could be suitable for the role.
Please contact our recruitment team at ******.
CRH is an equal opportunity employer.
We are committed to creating an inclusive work environment for all employees and actively encourage applications from all sectors of the community.
Benefits/perks listed above may vary depending on the nature of the employment with CRH and the country where you work.
Please note that we cannot accept any applications submitted through email for GDPR purposes.
Candidates must apply through our job portal.
We do not accept candidate introductions for this position from recruitment agencies, unless you have been instructed to do so by our recruitment team.
#J-*****-Ljbffr