Senior Cybersecurity Governance, Risk, & Compliance (GRC) Specialist (Chicago, NYC; Hybrid)

SDx - New York City, United States

Antech Diagnostics

Trusted partnerships that empower more effective, efficient diagnostic decision making for better animal health outcomes.


We understand that the world we want tomorrow starts with how we do business today, and that’s why we’re inspired to make A Better World for Pets. Antech is comprised of a diverse team of individuals who are committed to each other’s growth and development. Our culture is centered on our guiding philosophy, The Five Principles: Quality, Responsibility, Mutuality, Efficiency and Freedom. Today Antech is driving the future of pet health as part of Mars Science & Diagnostics, a family-owned company focused on veterinary care.

Current Associates will need to apply through the internal career site. Please log into Workday and click on Menu or View All Apps, select the Jobs Hub app, then click the magnifying glass to Browse Jobs.

This is a Hybrid role based out of our office in New York, NY or Chicago, Illinois. The Target Pay Range for this position is $135,800 - $169,800 annually. At Antech, pay decisions are determined using factors such as relevant job-related skills, experience, education, training and budget.

Job Summary:

The Sr. Cybersecurity GRC Specialist is responsible for providing guidance and for collaborating with Mars GRC in executing the SDx GRC program as part of the Cybersecurity function. The Sr. Cybersecurity GRC Specialist will work closely with Business Stakeholders and Information Technology teams to make the SDx GRC program effective and efficient throughout the division. This individual will serve as the subject matter expert for SDx GRC assessments, coordinating with auditors, analyzing risks, ensuring adherence to processes and communicating effectively with internal stakeholders. As part of the SDx Cybersecurity team, the ideal candidate will play a critical role coordinating with Mars Global teams in developing, implementing, and maintaining cybersecurity governance and risk management practices, while ensuring new and continuous compliance with Mars policies, standards and regulatory requirements.

Key Responsibilities:

  • Assist Mars and SDx Leadership in providing GRC guidance and interpretation of rules, regulations, risks and best practices.

  • Assist in the implementation and adoption of Mars policies, standards and procedures.

  • Assist in the implementation and adoption of the Mars-established Risk Management framework for SDx in coordination with Mars GRC teams.

  • Lead and coordinate efforts executing cybersecurity risk assessments, monitoring identified risks, and working with SDx teams to provide remediation guidance for gaps or vulnerabilities discovered during assessments.

  • Assist in promoting Mars SDx security awareness, policy and standard adherence across the division.

  • Coordinate with Mars regarding implementation of cybersecurity governance frameworks.

  • Collaborate with Mars Internal Audit, Assurance & Compliance and other Cybersecurity teams on security assessments and support audit execution processes providing compliance consultation to SDx teams.

  • Provide support for gathering control effectiveness evidence (collect, review and upload evidence) for compliance processes.

  • Assist SDx teams in ensuring compliance with Privacy requirements in coordination with the Mars Privacy team.  

  • Serve as a liaison for Mars GRC teams in applying Global Risk practices for documenting risks, assisting in the analysis and evaluation of risks, and monitoring residual risks, among others.

  • Provide GRC guidance and support to internal teams, prepare and communicate metrics and trend analysis for IT Leadership, and collaborate with respective teams to ensure that GRC efforts are aligned to SDx business objectives.  

  • Stay current on regulatory developments, industry trends and cybersecurity emerging threats.

  • Assist the Mars Global Risk team in maintaining the risk register and assist the Director in reporting on risk posture to SDx Leadership.

  • Monitor and report on compliance gaps and remediation progress.

  • Assist the Mars Vendor Cybersecurity Risk Management team in ensuring that third-party reviews are conducted and that remediation is monitored through completion.

  • Develop GRC reports, metrics and dashboards for SDx leadership.

  • Provide recommendations to enhance security controls and reduce risk.

Qualifications & Experience:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering or related field. Master’s degree is a plus, but not essential.

  • Seven (7) years of experience applying GRC principles for different frameworks including NIST:CSF, NIST:800-53, ISO:27001, HITRUST or similar frameworks.

  • Seven (7) years of experience applying cybersecurity controls for regulatory requirements for GDPR, CCPA, PIPEDA, PIP-L, as well as county or territory specific laws.

  • Seven (7) years of experience conducting cyber risk assessments, business impact analysis, control effectiveness evaluations and the corresponding risk quantification techniques.

  • Experience with GRC tools including Archer GRC, ServiceNow, Risk Watch, AuditBoard, LogicGate, OneTrust, MetricStream or similar tools.

  • Seven (7) years of experience establishing and managing cybersecurity risk dashboards and metrics for leadership.

  • Experience preparing and presenting audit evidence to internal/external auditors.

  • Deep understanding of how security controls map to enterprise systems and environments, including Cloud security controls (compliance baselines), endpoint protection, network segmentation, access control mechanisms, logging and monitoring, and vulnerability management, among others.

  • Experience communicating complex security concepts effectively (technical, non-technical and executive level audiences) with clear business-friendly language.

  • Relevant certifications such as CISSP, CISA, CISM, CRISC are also preferred.

  • Experience in regulated industries (finance, healthcare, manufacturing, etc.) applying regulatory requirements and/or security frameworks.

  • Experience in a laboratory setting, veterinary clinics, healthcare or related systems.

  • Strong problem-solving and analytical mindset.

Physical Demands:

  • Extensive sitting, phone, and computer use

  • Extend and reach with hands and arms and use hands and fingers

  • Occasionally required to bend, kneel, stoop, or crouch

  • May be required to lift, move, and carry up to 15 lbs.

  • Specific vision abilities required including close vision, color vision, depth perception, and the ability to adjust focus.

  • Hearing ability to effectively communicate via the telephone and in person

  • Ability to communicate verbally on the telephone and in person

  • Fluency in the English language

  • Extended hours may be needed

Work Environment:

The employee will primarily work in a typical office environment including use of cubicles, computers and overhead lighting. Temperature extremes will be minimal to nonexistent. 

The noise level in the work environment is usually moderate. The employee will be required to use a computer, spreadsheets, database management, email, and the Internet. The employee is frequently required to use a calculator, fax, copy machine, and phone system.

About Antech

Antech is a leader in veterinary diagnostics, driven by our passion for innovation that delivers better animal health outcomes. Our products and services span 90+ reference laboratories around the globe; in-house diagnostic laboratory instruments and consumables, including rapid assay diagnostic products and digital cytology services; local and cloud-based data services; practice information management software and related software and support; veterinary imaging and technology; veterinary professional education and training; and board-certified specialist support services.

Antech offers an industry competitive benefits package and continues to invest in and evolve benefits programs that meet the health, wellness and financial needs of our associates.

All Full-time associates are eligible for the following benefits and more:

  • Paid Time Off & Holidays

  • Medical, Dental, Vision (Multiple Plans Available)

  • Basic Life (Company Paid) & Supplemental Life

  • Short and Long Term Disability (Company Paid)

  • Flexible Spending Accounts/Health Savings Accounts

  • Paid Parental Leave

  • 401(k) with company match

  • Tuition/Continuing Education Reimbursement

  • Life Assistance Program

  • Pet Care Discounts

We are proud to be an Equal Opportunity Employer - Veterans / Disabled. For a complete EEO statement, please see our Career page at Antech Careers.

Note to Search Firms/Agencies

Antech Diagnostics, Inc. and its subsidiaries and affiliates (Antech) do not compensate search firms for unsolicited assistance unless they have a written search agreement with Antech and the requisition is position-specific. Any resumes, curriculum vitae, and other unsolicited assistance from search firms that do not have a written search agreement or position-specific requisition submitted to any Associate of Antech will be deemed the sole property of Antech and no fee will be paid in the event the candidate is hired by Antech.

Category: Compliance Jobs

Tags: CCPA CISA CISM CISSP Cloud Compliance Computer Science CRISC Finance GDPR Governance HITRUST Monitoring NIST NIST 800-53 PIPEDA Privacy Risk assessment Risk management RMF Security assessment Vulnerabilities Vulnerability management

Perks/benefits: 401(k) matching Career development Competitive pay Flex hours Flex vacation Health care Medical leave Parental leave Pet friendly Wellness

Region: North America
Country: United States
