Governance, Risk & Frameworks Analyst - Dublin
Group Information Security
Dublin City, Dublin, Ireland
Country: Ireland
City: Dublin
Req ID: 521439
Job Type: Full Time
Workplace Type: Hybrid
Seniority Level: Associate
About CRH
CRH is a member of the S&P 500 Index and a global leader in building materials. Our portfolio spans infrastructure, transportation, water, and reindustrialization projects worldwide.
As part of the Group Information Security team, you will contribute to driving strategy and multi-year programme plans aimed at reducing overall cyber risk while supporting related Group reporting and governance requirements.
The role works closely with Group, Divisional, and OpCo teams to ensure adherence to policy and best practices, driving standardisation, tracking, and measurement of information security metrics across 150+ CRH entities.
Key Responsibilities
The candidate will own work delivery in specific domains and support multiple work areas:
Global Governance & Risk Reporting
Develop, implement, and continuously enhance global cyber-risk assessment processes covering 150+ CRH entities, ensuring consistent reporting, oversight, and governance across the Group.
Global Information Security Standards
Develop, roll out, and support the adoption of information security standards and best practices across the Group, enabling local IT teams and functions to meet minimum security requirements.
Third-Party Risk Management
Design and deploy the Group's third-party due-diligence assessment process.
Collaborate with Group, Divisional, and OpCo teams to identify, assess, mitigate, and monitor supplier-related risks.
Group Information Security Management System (ISMS)
Maintain, enhance, and support Group alignment with IEC/ISO 27001 accreditation requirements.
Provide advisory and consultancy support to OpCos and business units to strengthen their information security controls and practices.
Cyber Entity-Level Controls
In alignment with Financial Regulatory Controls (FRC) and Sarbanes-Oxley (SOX) reporting requirements, develop and support the execution of key entity-level cyber controls, including incident reporting and security awareness.
Audit Collaboration & Issue Resolution
Partner closely with Group and Divisional teams—including Legal, Compliance, Finance, Risk, IT, and Internal Audit—to support the planning, execution, and remediation of internal and external audit findings across all cyber and IT audit areas.
Ensure timely follow-up and drive sustained improvements based on audit outcomes.
Key Characteristics
Experience working or consulting within large, diverse global organisations, navigating differing needs, priorities, and maturity levels.
Strong team player with a track record of breaking down silos, fostering collaboration, and building shared visions across complex environments.
Exceptional interpersonal skills, with the ability to build trusted relationships at all levels of the organisation.
Outcome-driven, with the ability to navigate challenges, resolve issues, and maintain momentum in multi-stakeholder initiatives.
Excellent written and verbal communication skills, able to clearly articulate technical concepts and processes to non-technical audiences.
Highly effective stakeholder engagement skills, capable of driving change within a matrixed organisation and promoting governance, IT security standards, and framework adoption.
Strong analytical, reporting, and problem-solving abilities, with the capability to assess issues from multiple perspectives and develop "win-win" solutions.
Comfortable operating in environments of uncertainty, ambiguity, and change, exercising good judgement to make informed decisions and recommendations.
Education and Experience
3-5 years' experience in cybersecurity governance and risk management, compliance/assurance, or IT security operations within large global organisations with diverse needs and priorities.
Third-level qualification (or equivalent) in Information Technology, Information Security, Engineering, or a related discipline.
Preferred: Professional security certifications such as CISSP, CISM, GCIH, GIAC (SANS), or equivalent. (Candidates actively working toward these certifications are also encouraged.)
Experience in developing, implementing, and supporting risk management and assurance frameworks (e.g., NIST CSF, IEC/ISO 27001).
Experience with GRC platforms—administration skills in tools such as RSA Archer are a strong plus.
Experience with eDiscovery tooling is an advantage.
Proficiency in an additional language is a plus, reflecting CRH's global footprint.
What CRH Offers You
A culture that values opportunity for growth, development, and internal promotion.
Highly competitive salary package.
Comprehensive secondary benefits.
Significant contribution to your pension plan.
Health and wellness programmes, including an on-site gym and fitness classes.
Excellent opportunities to develop and progress within a global organisation.
Connect Your Future to CRH
We are curious to learn more about you. At CRH, we believe our mutual differences contribute to the healthy, productive, and enjoyable workspace we create. Please introduce yourself and send us your application.
Is this role not for you, but do you know someone who would love to join the team? Please let us know!
CRH finds it important that vacancies are shared with individuals who may find them interesting and/or could be suitable for the role.
Please contact our recruitment team at careers@crh.com.
CRH is an equal opportunity employer. We are committed to creating an inclusive work environment for all employees and actively encourage applications from all sectors of the community.
Benefits/perks listed above may vary depending on the nature of the employment with CRH and the country where you work.
Please note that, for GDPR purposes, we cannot accept any applications submitted through email. Candidates must apply through our job portal.
We do not accept candidate introductions for this position from recruitment agencies, unless you have been instructed to do so by our recruitment team.