Axalta has remained at the forefront of the coatings industry by continually investing in innovative solutions. We engineer technologies that protect customers' products – whether they are battling heat, light, corrosion, abrasion, moisture, or chemicals – and add dimension and beauty with colorful finishes. We have a vast and ever-evolving portfolio of brands primed to play an important part in everything from modernizing infrastructure around the world to enabling the next generation of electric and autonomous vehicles. We are currently looking for a Global IT Security and GRC Analyst to join us at our facility in Asturias, Spain – hybrid work is allowed. The purpose of the Global IT Security GRC Analyst (Governance, Risk and Compliance) is to work closely with global IT and business process owners to ensure that cyber security controls are implemented to acceptable risk levels. Here you will assist in developing and maintaining information security policies and controls. The successful candidate will work with Information Security SMEs to document and verify security controls and capabilities. The GRC analyst will play a key role in developing Information Security policy and the implementation of IT risk management framework throughout the company. This role reports to the IT Senior Compliance Analyst and will be located in Asturias, Spain. Key responsibilities: Implement Information Security Management System based on the ISO framework. Conduct internal security risk assessments to identify gaps in internal applications, cloud applications and COTS products. Perform data field mapping and document how data flows within an application or business process. Support risk management strategies, risk mitigation, risk reduction, risk transfer, and exception processes. Evaluate the effectiveness of controls by defining, collecting, and communicating Information Security metrics. Support the Risk Acceptance strategies. Maintain and Support Risk Register process within the company. Work with technical team members to implement controls based on Information Security Assessment findings. Understand and create information security policies, standards, procedures, guidelines, and training materials. Key requirements: Fluency in English and 3+ years of experience in Risk Management (within a large organization, ideally). Diploma or associate degree in IT. Training in Risk Management, ISO 27000, and NIST 800 series publications (desirable). Awareness of security services such as Internet Content Filtering, Remote Access, Firewalls, IDS/IPS, Virus Protection, AAA (including 2-Factor Authentication), Digital Certificates, and PKI. Proven knowledge of Cyber Security related technologies. CRISC, CISA certifications are a plus. Skills: Strong analytical and critical thinking skills, attention to detail, good written and verbal communication skills. Experience with Archer Risk Management platform a plus. #J-18808-Ljbffr