Why We Work at Dun & Bradstreet
Dun & Bradstreet unlocks the power of data through analytics, creating a better tomorrow. Each day, we are finding new ways to strengthen our award-winning culture and accelerate creativity, innovation and growth. Our 6,000+ global team members are passionate about what we do. We are dedicated to helping clients turn uncertainty into confidence, risk into opportunity and potential into prosperity. Bold and diverse thinkers are always welcome. Come join us!
Dun & Bradstreet is responsible for collecting and analyzing the data of 285 million commercial entities and 100 million associated contacts. We offer the world's most comprehensive commercial data source, and our data drives critical everyday business decisions. The trust and confidence our customers have in the protection and integrity of that data is critical to our success.
We are in the process of undergoing a transformation of both our technology and our processes, as well as a cultural transformation that has earned us a place among the top 25 Best Places to Work in NJ! You can learn more about Dun & Bradstreet below. We are currently growing our Governance, Risk and Compliance team in order to protect and scale our enterprise as well as meet ongoing security compliance and assurance requirements.
The Principal GRC Analyst will work with process owners, internal auditors, external auditors and other stakeholders to assist in evaluating, monitoring and resolving findings (internal audit, external audit, etc.), and will support the team with the overall management of D&B's ISO 27001 and SOC 2 compliance programs. The Principal GRC Analyst will also help drive the transformation of the company's IT compliance program by supporting the execution of internal and external assessments, responding to and managing the complete lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC 2, ISO 27001, PCI, SOX and other GRC activities.
Key Responsibilities:
Manage compliance reviews, audits, validation testing, and risk and vulnerability assessments in accordance with NIST standards.
Support and manage SOC 2, SOX audits and Global ISO 27001 audits.
Drive adoption of ISO 27001 standards across the organization.
Maintain and monitor a centralized audit evidence repository.
Escalate material issues and risks to the appropriate stakeholders.
Coordinate with other stakeholders on our privacy, procurement, and corporate IT departments to ensure alignment with GRC initiatives.
Remain current on processes and procedures, working to increase industry and functional team knowledge.
Drive the management of security policies, standards and procedures annually to ensure they align to organizational needs.
Provide support to the department in responding to the business units regarding day-to-day operational compliance questions.
Proactively look for areas of improvement and provide value-added advice and insight on process and control improvements.
Communicate with managers to avoid surprises, highlight issues and ensure timely delivery.
Key Requirements:
Bachelor's degree or an equivalent mix of education and experience in information/cyber security, risk management and governance, risk and compliance.
5 - 7+ years of direct information security experience, with a primary focus in risk and compliance.
Strong knowledge of industry frameworks and related regulatory compliance requirements (ISO 27001, SOC 2, NIST, FedRAMP, CMMC, PCI, GDPR, etc.).
Strong technical understanding of cloud security controls, storage, disaster recovery and identity management standards.
Minimum 3-6 years of experience in conducting and/or responding to ISO 27001 and SOC 2 audits.
Strong eye for detail and ability to successfully manage third party audits, gather evidence and coordinate audit response.
Certified as an ISO 27001 Lead Auditor, CISA, CISM, CISSP or working toward certification strongly preferred.
Familiarity with GRC tools (ZenGRC, OneTrust, Archer), methodologies and best practices.
Experience in planning and executing multiple risk & compliance projects.
Ability to leverage strong verbal and written communication skills to collaborate with cross-functional teams.
Strong analytical and problem-solving skills capable of managing projects that drive business objectives.
A team player with strong collaboration skills and the ability to work with minimal supervision.
What we offer:
Generous paid time off, increasing with tenure.
100% paid parental leave after one year.
Paid sick time to care for yourself or family members.
Education assistance and extensive training resources.
Do Good Program: Paid volunteer days & donation matching.
Competitive 401k & Employee Stock Purchase Plan with company matching.
Health & wellness benefits, including a Gympass membership.
Medical, dental & vision insurance for you, spouse/partner & dependents.
Learn more about our benefits: https://bit.ly/2VwyKQt
FOR US APPLICANTS - Equal Employment Opportunity (EEO): Dun & Bradstreet is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, age, national origin, citizenship status, disability status, sexual orientation, gender identity or expression, pregnancy, genetic information, protected military and veteran status, ancestry, marital status, medical condition (cancer and genetic characteristics) or any other characteristic protected by law. View the EEO is the Law poster and its supplement. View the pay transparency policy.
We are committed to Equal Employment Opportunity and to providing reasonable accommodations to qualified candidates and employees. If you are interested in applying for employment with Dun & Bradstreet and need special assistance or an accommodation to use our website or to apply for a position, please send an e-mail with your request to acquisitiont@dnb.com. Determinations on requests for reasonable accommodation are made on a case-by-case basis.