
Senior Governance, Risk and Controls Analyst (R-19119)

Warsaw | Employee: Full Time | Senior
Other | Risk | Business Analysis & Process | Controls Analyst

Shape the Future with Dun & Bradstreet
At Dun & Bradstreet, we believe data has the power to create a better tomorrow. As a global leader in business decisioning data and analytics, we help companies worldwide grow, manage risk, and innovate. For over 180 years, businesses have trusted us to turn uncertainty into opportunity. We’re a diverse, global team that values creativity, collaboration, and bold ideas. Are you ready to make an impact and help shape what’s next? Join us! Explore opportunities at dnb.com/careers.

The Senior Governance Risk and Controls (GRC) Analyst is a key driver of Dun & Bradstreet’s Global Security and Risk strategy, partnering with process owners, internal Technology, Legal, and Ethics, external auditors, and cross‑functional stakeholders to strengthen control effectiveness and regulatory alignment. This role supports the organization’s cybersecurity posture by performing third-party risk assessments, managing governance workflows in ServiceNow and TrustArc, responding to client cyber security RFIs and audits, and supporting SOC 2 and ISO 27001 certification programs globally. The analyst will also support initiatives related to AI risk, automation, and scalable GRC operations.

Operating in a highly collaborative, global environment, the Senior GRC Analyst works closely with North America and has a direct focus on EU and APAC regions. The role plays a critical part in transforming D&B’s global IT compliance program by executing internal and external assessments, managing the full lifecycle of compliance audits, and ensuring ongoing adherence to existing and emerging regulations and standards, including SOC 2, ISO 27001, PCI DSS, and related GRC initiatives.

  • Manage compliance reviews, audits, validation testing, and risk assessments in accordance with NIST standards.
  • Take the lead on client and audit assurance for EU and APAC regions.
  • Execute the third-party risk program through supplier due diligence, monitoring, and assessments globally.
  • Manage and maintain information security policies.
  • Maintain and monitor a centralized audit evidence repository for global use.
  • Coordinate with other stakeholders in the privacy, procurement and corporate IT departments to ensure alignment with GRC initiatives.
  • Drive the management of security policies, standards, and procedures annually to ensure they align to organizational needs.
  • Provide support to the department in responding to business units regarding day-to-day operational compliance questions.
  • Proactively look for areas of improvement and provide value-added advice and insight on process and controls improvements.
  • Coordinate the gathering and production of qualitative and quantitative metrics to assess the success of the Security Assurance Program, and provide regular reports to security and business leaders.
  • Bachelor's degree or an equivalent mix of education and experience in Information Cyber Security, Risk Management, and Governance, Risk, and Compliance.
  • 5+ years of direct information security experience, with a primary focus on risk, controls testing and compliance programs.
  • Strong knowledge of industry frameworks including related regulatory compliance requirements (e.g., ISO27001, SOC 2, NIST, PCI, GDPR).
  • Experience reviewing vendor and client contracts for Information Security requirements and concerns.
  • Experience in the Security Controls aspects of multiple platforms, operating systems, software, communications, and network protocols.
  • Advanced knowledge of one or more major Information Security standards and frameworks (e.g., ISO 27000 series, NIST 800 series, NIST Cybersecurity Framework, SOC 2 [AICPA Trust Service Principles], ITAR, GDPR).
  • Strong technical understanding of security controls, disaster recovery and Identity management standards.
  • 2+ years of experience in conducting and/or responding to ISO 27001 and SOC 2 audits.
  • Experience with ISO 27001 audits; familiarity with GRC tools (ServiceNow a plus), methodologies, and best practices.
  • Show an ownership mindset in everything you do. Be a problem solver, be curious and be inspired to take action. Be proactive, seek ways to collaborate and connect with people and teams in support of driving success.
  • Continuous growth mindset, keep learning through social experiences and relationships with stakeholders, experts, colleagues and mentors as well as widen and broaden your competencies through structural courses and programs.
  • Where applicable, fluency in English and languages relevant to the working market.
  • CISA, CISM, CISSP, or working toward certification strongly preferred. 

Location & Eligibility

Where is the job: Warsaw - Poland
Hybrid — some on-site time required
Who can apply: Open to applicants worldwide

Listing Details

Posted: April 29, 2026
First seen: April 29, 2026
Last seen: May 5, 2026
