Title:  Governance, Risk and Compliance Analyst



Date:  May 26, 2023


Title:  Governance, Risk and Compliance Analyst

Location: Southfield, MI, US

Job Type: Full-time with Benefits    


Who We Are:  

For more than 25 years, MSX International has been a dedicated partner to leading automotive brands around the world. We support them in transforming their businesses and in managing their operations across the areas of Customer Experience, Repair Optimization, Learning and Insights. We focus on helping our clients generate more value for their customers. With over 5,000 employees based in more than 80 countries worldwide, our teams provide industry-leading expertise. We have combined our deep industry expertise with cutting-edge technology solutions to help our automotive clients increase revenue and reduce costs, while enhancing operational efficiency and improving customer satisfaction.  Our goal is to help our customers reach their full potential and to excel as their global partner of choice.  



The Governance, Risk, and Compliance Analyst is responsible for assessing and documenting the client’s market-level compliance and risk posture.

The purpose of this position is to provide skilled technical and information security expertise for the development and implementation of the information security risk management program within a given market. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; standards and testing; risk assessment; awareness and education; and development of policies, standards, and guidelines. Reporting position: The GRC Analyst reports to the local market Managing Director


Day to Day Responsibilities

  • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk management, and measures for compliance regarding computer and network security.
  • Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates.
  • Risk
  • Lead the development and implementation of risk management functions for identified programs to ensure information security risks are identified and monitored.
  • Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the client’s information and technology systems.
  • Policy/Compliance
  • Ensure market IT activities, processes, and procedures meet defined global requirements, policies, and regulations.
  • With the Information Security and Compliance team, implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Execute strategy for managing audits, compliance checks, and external assessment processes for internal/external auditors, PCI DSS, CCPA, HIPAA, and other
  • Outreach/Awareness
  • Interacts in both oral and written communications with all levels of staff and users including Infrastructure and Operations, End User Technology, Information and Compliance, local market developers and other staff. The position also interacts with technology vendors and contractors, in matters related to information security and security awareness materials.
  • Audit
  • Work with ISC appropriate on required security assessments and audits
  • Coordinate and track all information technology and security related audits including scope of audits, programs involved, timelines, auditing agencies and outcomes.
  • Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the organization in its best light. Provide guidance, evaluation, and advocacy on audit responses.
  • Problem-Solving Skills
  • Must be able to assess computer hardware, software, and systems for security risks or violations and work with ISC staff and technology vendors to recommend solutions. Develop strategies to implement awareness and training for all market users.
  • Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise. Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.
  • Contingency planning (BC, DR)
  • Prepares, analyzes, and documents program-level business continuity and disaster recovery requirements to ensure all solutions meet organizational service-level agreements


What you bring

  • Three years of IT skills with knowledge of information security processes
  • Knowledge of information security risk management frameworks and compliance practices.
  • Ability to develop security standards and guidelines based on best practices and industry standards
  • Knowledge of securing network technologies, client, and server operating systems.
  • Experience responding to, analyzing, and communicating information security incidents
  • Three years of planning and managing IT projects
  • Excellent interpersonal, communication, and presentation skills
  • Understanding of common security standards and regulations (e.g., PCI DSS, ISO2700x, CCPA, LGPD, etc.)
  • Bachelor’s degree in information technology or other related field
  • Information security experience
  • Skills in documenting risk and compliance activities
  • Experience performing information security audits or risk assessments
  • Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future


MSXi is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, veteran status, or disability. 


Please note, MSXi did not provide any salary data for this position. If there is a salary range included in the posting the data was estimated by the job posting site and does not reflect our company's actual salary ranges. Actual starting salaries are determined based on job requirements and level of experience.


If you are interested in this position apply here    



Job Segment: Information Security, Testing, Project Manager, Technology, Automotive