GAF Jobs

Job Information

GAF Cyber Security GRC Associate Analyst in Parsippany, New Jersey

Come Build Your Career Under OUR Roof

Job Description:

The Cyber Security GRC Associate Analyst will report to the Director of Governance, Risk & Compliance .

What Part Will You Play?

Global Cyber Security is seeking a Governance, Risk & Compliance (GRC) Associate Analyst to join the Global Cybersecurity team. The analyst will be working on a variety of projects that support the team’s efforts in security posture improvement and risk reduction. For this role, a good candidate will have foundational knowledge in cybersecurity with experience in cybersecurity governance, risk assessment and general knowledge of cyber security practices.

What Will You Be Doing?

  • Supporting the team’s global third party risk management process including conducting vendor risk assessments and reporting of risks.

  • Further refine control and audit mechanisms to monitor and maintain compliance with policies and standards.

  • Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.

What Do We Require From You?

  • Strong written and verbal communication skills with the ability to collaborate through all parts of the business.

  • The ability to interact comfortably with personnel across multiple organizations, build strong relationships at all levels and across all business units, and understand business imperatives.

  • Prioritization and balancing operational tasks with longer-term strategic security projects and efforts.

  • Knowledge and understanding of information risk concepts aligned with the CIS Top 20, and NIST Cyber Security Framework (CSF) and principles as a means of relating business needs to cybersecurity controls.

  • Excellent analytical skills and ability to analyze security requirements and relate them to appropriate security controls.

  • Experience drafting, revising, and maintaining policies, procedures, standards and guidelines

  • Previous experience in conducting third party vendor risk assessments.


  • The Cyber Security GRC Analyst’s job is composed of a variety of activities, centered primarily around performing control assessments, reviewing vendors and drafting cyber security policies and awareness activities.

  • Develop, maintain and support security communication, awareness and training for audiences throughout the organization.

  • Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contract language aligned with the cybersecurity protection addendum.


  • Entry level CyberSecurity role with 1-2 years in a control assessment, third party risk and cybersecurity.

  • Good verbal, written and interpersonal communication skills

  • Any industry recognized Information Security accreditation including CISSP, CISM, CRISC is desirable

  • Knowledge of third party risk tools including OneTrust and Bitsight.

  • Knowledge of Security and Compliance Testing IT Infrastructure, and exposure to any IT GRC tool such as Service Now will be a plus.


No of direct reports: 0

No of indirect reports: n/a

Budget Responsibility: no

Travel Requirements: less than 10%

GAF is an equal opportunity employer.

Proof of COVID-19 Vaccination - As part of our commitment to health and safety, proof of COVID-19 vaccination is a condition of employment in this position. Should you require accommodation for medical or religious needs, please contact HR so that they can engage in an interactive process with you to determine if a reasonable accommodation can be provided in accordance with applicable state and federal law. If, by the Start Date, you are not fully vaccinated against COVID-19, or have not obtained an approved exemption from the Company for medical or religious reasons, your offer of employment will be rescinded and you will not be eligible for any Company-provided benefits (including under GAF’s Severance Plan) as a result of the rescission of your offer

We believe our employees are our greatest resource. We offer competitive salary, benefits, 401k, and vacation packages for all full time permanent positions. We are proud to be an equal opportunity workplace and GAF, SGI, and Siplast are proud to be affirmative action employers. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. If you have a disability or special need that requires accommodation, please let us know. If applying for positions in the U.S., must be eligible to work in the U.S. without need for employer sponsored visa (work permit).

With 130+ years in the industry, GAF is the leading roofing manufacturer in North America. As a member of the Standard Industries family of companies, we are also part of the largest roofing and waterproofing business in the world.

Our communities help give our work meaning and the products we manufacture help protect what matters most. The shingles help to shelter the families living in the homes in our towns. The TPO helps protect what is under that hospital’s roof. In addition to quality products, we make sure they are installed by quality craftsmen and women. The full GAF portfolio of solutions is supported by an extensive national network of factory-certified contractors.

GAF continues to be the leader in quality and offers comprehensive warranty protection on its products and systems. Our success is driven by a commitment to empowering our people to deliver advanced quality and purposeful innovation and the desire to protect what matters most. ​