Information Security Governance Analyst

Location:  Houston, TX, US

Employment type:  Employee
Place of work:  Hybrid
Offshore/Onshore:  Onshore

TechnipFMC is committed to driving real change in the energy industry. Our ambition is to build a sustainable future through relentless innovation and global collaboration – and we want you to be part of it. You’ll be joining a culture that values curiosity, expertise, and ideas as well as equal opportunities, inclusion, and authenticity. Bring your unique energy to our team of more than 21,000 people worldwide, and discover a rewarding, fulfilling, and varied career that you can take anywhere you want to go.

Job Purpose

We are seeking an Information Security Governance Analyst to support our Information Security Governance, Risk and Compliance (GRC) programme. In this role, you will help demonstrate compliance with key regulatory and industry frameworks by coordinating audits and assessments, gathering and validating evidence, tracking actions through to closure, and supporting continuous improvement of governance documentation and reporting.

As an Information Security Governance Analyst, you will serve as an information security professional, protecting TechnipFMC’s information security throughout the system lifecycle.

The Information Security Governance Analyst supports the IT compliance program within the Information Security organization. This support includes, but is not limited to, Sarbanes-Oxley (SOX), SOC 2, ISO 27001, ISO 42001, NIST, and questionnaires, audits and assessments from third parties, clients and partners assessing TechnipFMC’s regulatory compliance status.

Applicants must be authorized to work for any employer in the U.S. without restriction.  For this position we are not sponsoring or taking over sponsorship of an employment visa at this time.

Job Description

  • Coordinate internal and external audits and controls testing (e.g., SOX, SOC 2, ISO 27001/42001, NIST) by managing timelines, stakeholders, and deliverables to support on-time, high-quality audit outcomes.
  • Triage, assign, and track requests for information (RFIs) to the correct SMEs, ensuring clear ownership and deadlines and improving response timeliness.
  • Collect, validate, and submit audit evidence by performing completeness/quality checks to reduce evidence rework and audit follow-ups.
  • Identify evidence gaps and drive closure by working with control owners/SMEs to remediate missing or insufficient evidence before submission deadlines.
  • Maintain audit schedules and status trackers to provide accurate, current visibility of audit progress, evidence readiness, and risks to delivery.
  • Maintain an Audit Findings List and Corrective Action Log to ensure findings are documented, assigned, tracked, and closed within agreed timescales.
  • Monitor control testing progress and exceptions (including failed tests) and escalate issues with clear context and impact to support timely remediation decisions.
  • Support third‑party, customer, and partner security assessments and questionnaires by coordinating inputs and validating responses to protect accuracy and consistency of submissions.
  • Maintain and update governance document status trackers to ensure policies/standards/procedures are reviewed, current, and traceable.
  • Support ongoing maintenance of governing documents by coordinating periodic reviews and updates with stakeholders to keep documentation aligned to requirements and practice.
  • Identify compliance programme gaps and recommend improvements based on audit outcomes, metrics, and stakeholder feedback to strengthen control effectiveness and readiness.
  • Maintain GRC metrics, KPIs, and the Risk and Controls Matrix (RCM) to support evidence-based reporting and prioritisation of compliance activities.
  • Input data into the GRC tooling/module and publish GRC-related content to ensure records are complete, current, and available for reporting and audits.
  • Prepare materials for management reviews, compliance committees, and governance forums to enable clear decision-making and documented oversight.

You are meant for this job if:

  • Bachelor’s degree in computer science or a related discipline is considered a plus.
  • 2+ years of experience in supporting or auditing IT and Information Security compliance programs.
  • Strong understanding of compliance regulations (e.g., Sarbanes-Oxley 404, PCAOB, PCI, GDPR) and security standards (e.g., ISO 27001, NIST CSF).
  • Familiar with IT governance and quality frameworks such as ISO, COBIT, and ITIL.
  • Skilled in compliance metrics tracking.
  • Proven ability to work effectively in global, matrixed environments.
  • Excellent interpersonal, organizational, and communication skills.
  • Comfortable collaborating across enterprise-scale organizations and building effective working relationships.
  • Advanced oral and written communication skills in English.
  • Strong analytical, problem-solving, and critical thinking capabilities.

Nice to have:

Information Security related certifications such as CISA, Security+, Network+, Azure AZ-900, AZ-500, AWS certification, CEH. 

Skills

Verbal Communication
Coaching
Stakeholder Management
Technical Writing
Systems Thinking
Compliance Support
Risk Assessment
Written Communication
Incident Management
Process Improvement
Budgeting
Demand Intake
Project/Program Management
Business Continuity and Disaster Recovery Planning
Develop Governance Principles
Information Security
Requirements Management and Analysis
Governance and Security Administration
Lean
Evidence Handling
Regulatory Compliance
Interpreting Requirements
Project Risk and Issues Management
Work Prioritization

Being a global leader in the energy industry requires an inclusive and diverse environment. TechnipFMC promotes equal opportunities and inclusion by ensuring equal opportunities for all ages, races, ethnicities, religions, gender expressions, disabilities, and all other pluralities. We celebrate who you are and what you bring. Every voice matters, and we encourage you to add to our culture.

TechnipFMC respects the rights and dignity of those it works with and promotes adherence to internationally recognized human rights principles for those in its value chain.

Learn more about TechnipFMC and find other open positions by visiting our Career Page.

Follow us on LinkedIn for company updates

Date posted:  May 14, 2026
Requisition number:  17957


Nearest Major Market: Houston