Governance, Risk, & Framework Analyst

CRH Illinois, United States of America
Apply Now

Job Description

Governance, Risk, & Framework Analyst

CRH Americas Corporate

Atlanta, Georgia, United States

 

 

Job ID:  525936
 

CRH is a leading global diversified building materials group, employing over 75,800 people at more than 3,160 locations in 29 countries. CRH is the leading building materials company in North America and the world. We manufacture and distribute a diverse range of superior building materials, products, and solutions, which are used extensively in construction projects of all sizes. 

 

Job Summary

 

As part of the Group Information Security team and reporting to the Governance, Risk and Frameworks Manager, the successful candidate will contribute to driving strategy and multi‑year program plans aimed at reducing overall cyber risk, while also supporting related Group reporting and governance requirements.

 

Given the increasing need for global alignment and continuous improvement across CRH, the role will work closely with Group, Divisional, and OpCo teams to ensure adherence to policy and best practices. The candidate will help drive standardization, tracking, and measurement of information security metrics and management across 150+ CRH entities, covering cyber governance, risk, best practice, and framework activities.

 

The role will involve extensive engagement across divisions, regions, and OpCo management on key work areas, contributing to programs that will be reported to the Global Information Security (Cyber) Council—chaired by the Group Finance Director and part of the Global Leadership Team (GLT). The outputs and progress tracking will form key components of the biannual Audit Committee updates and regular GLT updates.

 

Job Location

 

This role is based at our corporate office in the Perimeter area of Atlanta, GA – hybrid work schedule

 

Job Responsibilities

 

  • Develop, implement, and continuously enhance global cyber risk assessment processes covering 150+ CRH entities, ensuring consistent reporting, oversight, and governance across the Group.
  • Develop, roll out, and support the adoption of information security standards and best practices across the Group, enabling local IT teams and functions to meet minimum security requirements.
  • Design and deploy the Group’s third-party due diligence assessment process.
  • Collaborate with Group, Divisional, and OpCo teams to identify, assess, mitigate, and monitor supplier related risks.
  • Maintain, enhance, and support Group alignment with IEC/ISO 27001 accreditation requirements.
  • Provide advisory and consultancy support to OpCos and business units to strengthen their information security controls and practices.
  • In alignment with Financial Regulatory Controls (FRC) and Sarbanes Oxley (SOX) reporting requirements, develop and support the execution of key entity level cyber controls, including incident reporting and security awareness.
  • Partner closely with Group and Divisional teams—including Legal, Compliance, Finance, Risk, IT, and Internal Audit—to support the planning, execution, and remediation of internal and external audit findings across all cyber and IT audit areas.
  • Ensure timely follow up and drive sustained improvements based on audit outcomes.

 

Job Requirements

 

  • Experience working or consulting within large, diverse global organizations, navigating differing needs, priorities, and maturity levels.
  • Strong team player with a track record of breaking down silos, fostering collaboration, and building shared visions across complex environments.
  • Exceptional interpersonal skills, with the ability to build trusted relationships at all levels of the organization.
  • Outcome driven, with the ability to navigate challenges, resolve issues, and maintain momentum in multi stakeholder initiatives.
  • Excellent written and verbal communication skills, able to clearly articulate technical concepts and processes to non-technical audiences.
  • Highly effective stakeholder engagement skills, capable of driving change within a matrixed organization and promoting governance, IT security standards, and framework adoption.
  • Strong analytical, reporting, and problem-solving abilities, with the capability to assess issues from multiple perspectives and develop “win-win” solutions.
  • Comfortable operating in environments of uncertainty, ambiguity, and change, exercising good judgement to make informed decisions and recommendations.
  • 3 or more years’ experience in cybersecurity governance and risk management, compliance/assurance, or IT security operations within large global organizations with diverse needs and priorities.
  • Third level qualification (or equivalent) in Information Technology, Information Security, Engineering, or a related discipline.
  • Preferred: Professional security certifications such as CISSP, CISM, GCIH, GIAC (SANS), or equivalent. (Candidates actively working toward these certifications are also encouraged.)
  • Experience in developing, implementing, and supporting risk management and assurance frameworks (e.g., NIST CSF, IEC/ISO 27001).
  • Experience with GRC platforms—administration skills in tools such as RSA Archer are a strong plus.
  • Experience with eDiscovery tooling is an advantage.
  • Proficiency in an additional language is a plus, reflecting CRH’s global footprint.

 

What CRH Offers You

 

  • Highly competitive base pay
  • Comprehensive medical, dental and disability benefits programs
  • Group retirement savings program
  • Health and wellness programs
  • An inclusive culture that values opportunity for growth, development, and internal promotion

 

 

About CRH

 

CRH has a long and proud heritage. We are a collection of hundreds of family businesses, regional companies and large enterprises that together form the CRH family. CRH operates in a decentralized, diversified structure that allows you to work in a small company environment while having the career opportunities of a large international organization.

 

If you’re up for a rewarding challenge, we invite you to take the first step and apply today! Once you click apply now, you will be brought to our official employment application. Please complete your online profile and it will be sent to the hiring manager. Our system allows you to view and track your status 24 hours a day. Thank you for your interest!

 

CRH is an Affirmative Action and Equal Opportunity Employer.

 

EOE/Vet/Disability

 

CRH is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or any other characteristic protected under applicable federal, state, or local law. 

 

AI tools may be used in certain stages of the employment lifecycle, such as candidate review; however, all final employment decisions will be made by a person.

Posting Start Date:  6/25/26

Posting End Date: 

  • Why choose CRH?

  • Create Candidate Profile

  • Applicant Assistance

  • Join Talent Community

  • Opens in a new tab.

×

Show More Details

  • "route" is used for session stickiness
  • "careerSiteCompanyId" is used to send the request to the correct data center
  • "JSESSIONID" is placed on the visitor's device during the session so the server can identify the visitor

Show More Details

Show More Details

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic.

Google Tag Manager

Google Tag Manager is a tag management system for conversion tracking, site analytics, remarketing, and more.

Confirm My Choices

Apply Now Back to Search