Governance, Risk & Frameworks Analyst - Dublin

As part of the Group Information Security team, the successful candidate will contribute to driving strategy and multi-year programme plans aimed at reducing overall cyber risk, while also supporting related Group reporting and governance requirements.

Given the increasing need for global alignment and continuous improvement across CRH, the role will work closely with Group, Divisional, and OpCo teams to ensure adherence to policy and best practices. The candidate will help drive standardisation, tracking, and measurement of information security metrics and management across 150+ CRH entities, covering cyber governance, risk, best practice, and framework activities.

The role will involve extensive engagement across divisions, regions, and OpCo management on key work areas, contributing to programmes that will be reported to the Global Information Security (Cyber) Council—chaired by the Group Finance Director and part of the Global Leadership Team (GLT). The outputs and progress tracking will form key components of the biannual Audit Committee updates and regular GLT updates.

This position will report into the Governance, Risk and Frameworks Manager.

Key Responsibilities

The candidate will own work delivery in specific domains and support multiple work areas:

Global Governance & Risk Reporting

• Develop, implement, and continuously enhance global cyber-risk assessment processes covering 150+ CRH entities, ensuring consistent reporting, oversight, and governance across the Group.

Global Information Security Standards

• Develop, roll out, and support the adoption of information security standards and best practices across the Group, enabling local IT teams and functions to meet minimum security requirements.

Third-Party Risk Management

• Design and deploy the Group’s third-party due-diligence assessment process.
• Collaborate with Group, Divisional, and OpCo teams to identify, assess, mitigate, and monitor supplier-related risks.

Group Information Security Management System (ISMS)

• Maintain, enhance, and support Group alignment with IEC/ISO 27001 accreditation requirements.
• Provide advisory and consultancy support to OpCos and business units to strengthen their information security controls and practices.

Cyber Entity-Level Controls

• In alignment with Financial Regulatory Controls (FRC) and Sarbanes-Oxley (SOX) reporting requirements, develop and support the execution of key entity-level cyber controls, including incident reporting and security awareness.

Audit Collaboration & Issue Resolution

• Partner closely with Group and Divisional teams—including Legal, Compliance, Finance, Risk, IT, and Internal Audit—to support the planning, execution, and remediation of internal and external audit findings across all cyber and IT audit areas.
• Ensure timely follow-up and drive sustained improvements based on audit outcomes.

Key Characteristics

• Experience working or consulting within large, diverse global organisations, navigating differing needs, priorities, and maturity levels.
• Strong team player with a track record of breaking down silos, fostering collaboration, and building shared visions across complex environments.
• Exceptional interpersonal skills, with the ability to build trusted relationships at all levels of the organisation.
• Outcome-driven, with the ability to navigate challenges, resolve issues, and maintain momentum in multi-stakeholder initiatives.
• Excellent written and verbal communication skills, able to clearly articulate technical concepts and processes to non-technical audiences.
• Highly effective stakeholder engagement skills, capable of driving change within a matrixed organisation and promoting governance, IT security standards, and framework adoption.
• Strong analytical, reporting, and problem-solving abilities, with the capability to assess issues from multiple perspectives and develop “win-win” solutions.
• Comfortable operating in environments of uncertainty, ambiguity, and change, exercising good judgement to make informed decisions and recommendations.

Education and Experience

• 3–5 years’ experience in cybersecurity governance and risk management, compliance/assurance, or IT security operations within large global organisations with diverse needs and priorities.
• Third-level qualification (or equivalent) in Information Technology, Information Security, Engineering, or a related discipline.
• Preferred: Professional security certifications such as CISSP, CISM, GCIH, GIAC (SANS), or equivalent. Candidates actively working toward these certifications are also encouraged.
• Experience in developing, implementing, and supporting risk management and assurance frameworks such as NIST CSF and IEC/ISO 27001.
• Experience with GRC platforms—administration skills in tools such as RSA Archer are a strong plus.
• Experience with eDiscovery tooling is an advantage.
• Proficiency in an additional language is a plus, reflecting CRH’s global footprint.

What CRH Offers You

• A culture that values opportunity for growth, development, and internal promotion
• Comprehensive secondary benefits
• Significant contribution to your pension plan
• Health and wellness programs, including an on-site gym and fitness classes
• Excellent opportunities to develop and progress with a global organization

Benefits/perks listed above may vary depending on the nature of the employment with CRH and the country where you work.