IT Security and Governance Analyst

• Quote from

Hiring Manager:

• The IT Governance/Risk/Compliance Analyst position offers a dynamic opportunity for an experienced analyst to help shape the future of our governance, risk, and compliance initiatives.

In this role, you'll be at the forefront of identifying and mitigating IT risks, ensuring regulatory compliance, and enhancing our security posture through robust frameworks and controls. We're seeking candidates with strong analytical skills, knowledge of risk management frameworks, and the ability to communicate technical concepts to diverse stakeholders.

• Meaningful Work From Day One:

• The IT GRC Analyst plays a critical role in ensuring that the organization's IT governance is aligned with business objectives while also adhering to governance standards, risk management practices, and regulatory compliance obligations.

In this role, you'll collaborate with cross-functional teams to align risk management strategies, ensure compliance, and foster a unified approach to IT governance.

• What You Can Expect:

• Develop and maintain IT governance frameworks and policies that align with industry standards and regulatory requirements, which are then implemented by IT owners.
• Support our IT risk management program to ensure both internal and third-party IT risks are identified, assessed, prioritized and remediated.
• Raise awareness within the organization of IT governance, risk and compliance programs that are risk based and align with compliance requirements.
• Track and ensure compliance with internal policies and external regulations through periodic audits and assessments.
• Ensure data security and privacy compliance by providing guidance on appropriate access controls, data classification protocols, and data protection measures.
• Collaborate with key stakeholders throughout the IT organization as well as with Internal Audit, Compliance, and Legal.
• Monitor evolving regulations, compliance standards, and best practices to strengthen our IT GRC capabilities and frameworks.
• What You Bring to the

Table:

• 3+ years of experience focused on governance, compliance, risk, audit or similar functions.
• Knowledge of IT governance and risk management frameworks including compliance practices (e.g., PCI, NIST, GDPR, COBIT, NIS2, Operation Technology, etc.).
• Strong analytical skills, attention to detail, and a problem-solving mindset.
• Excellent collaboration, communication and influencing skills with the ability to develop effective working relationships with all levels of the company.
• Exposure to risk assessments, policy development, and internal control audits.

• What Makes You Unique:

• Bachelor's degree within a related area of study.
• Information security related training or certifications such as

CISA, CRISC, PCI QSA.

• Experience working with GRC platforms and tools.
• Familiarity with third-party risk management and vendor compliance.

• Who We Are:

• We believe great people build great brands.

And we know there is Nothing Better in the Market than a career at Brown-Forman. Being a part of Brown-Forman means you will grow both personally and professionally. You will have the opportunity to solve problems, seize opportunities, and generate bold ideas. You will belong to a place where teamwork matters and where you are encouraged to bring your best self to work.

• What We Offer:

• Total Rewards at Brown-Forman is designed to engage our people to ensure sustainable and profitable growth for generations to come.

As a premium spirits company, we offer equitable pay structures for individual and company performance alongside a premium employee experience. We offer a range of premium benefits that reflect our company values and meet the needs of our diverse workforce. #LI Brown-Forman Corporation is committed to equality of opportunity in all aspects of employment. It is the policy of Brown-Forman Corporation to provide full and equal employment opportunities to all employees and potential employees without regard to race, color, religion, national or ethnic origin, veteran status, age, gender, gender identity or expression, sexual orientation, genetic information, physical or mental disability or any other legally protected status.

Business Area:

Global Information Technology Function:

IT City:

Louisville State:

Kentucky Country:

USA Req ID:

JR-00009992