Company: Baker Hughes
Skills: Risk Management
Experience: 8+ Years
Education: High School/Secondary
Location: Houston, Texas, United States


At Baker Hughes, we are building a Talent Community of highly talented and motivated professionals for future job roles. If you match the described job role and are as excited as we are to have you on-board in the future, please hit the apply button to be a part of our Talent Community.

As a member of our talent community, you will be amongst the first to get exclusive news about Baker Hughes, various cool projects we are working on, our employee success stories and new job opportunities you may be interested in.

We operate at the heart of the digital transformation of our business. From Digital Engineering to enabling employee success, the Digital Technology (DT) team is driven to provide the best products and services. We collaborate with the business and DT teams to ensure the highest standards of compliance are met.

The IT Risk Management and Compliance Lead works collaboratively within a team to support DT's compliance function in the development and implementation of strategic goals that drive compliance with various IT controls (e.g., SOX, Data Privacy, NIST 800-53, ISO 27001, ISA 62443) associated with regulatory, statutory, company or contractual obligations.

As an IT Risk Management and Compliance Lead you will:
  • Lead portions of compliance programs and act as a central point of contact and subject matter expert on specific areas/applications to ensure appropriate internal controls for the enterprise, operational technology (OT) or product security
  • Provide oversight and guidance for periodic control reviews to ensure compliance with information security policies and established security controls
  • Be responsible for collaborating with management on the ongoing compliance control programs, as well as potentially leading testing coordination efforts between external/internal auditors and internal Business Controllership Stakeholders and Information Technology owners
  • Maintain ongoing communication with the business and external/internal auditors as it relates to alignment on audit planning, walkthroughs/testing, audit requests, impact assessments, and deficiency evaluation of IT controls (e.g., SOX, Data Privacy, NIST 800-53, ISO 27001, ISA 62443)
  • Develop metrics and compliance dashboards to monitor and measure effectiveness of security controls, and communicate progress in reducing risk
  • Partner with IT and the business, focusing on areas of highest IT and cyber risk, to continuously improve on controls or automate compliance activities
  • Deliver timely and concise communication, including developing and producing management reports, illustrating status, trends, and action plans
  • Educate Business Process and Information Technology control owners by leading training sessions and focus sessions to demonstrate compliance requirements and share hot topics
  • Work with project teams on verification of controls prior to migration to production, as applicable


Fuel your passion
To be successful in this role you will:
  • Have 8+ years of combined experience in an IT risk management, IT compliance or IT audit role
  • Have experience in project management practices, tooling, and managing projects through the SOX, GDPR, and/or NIST/ISO 27001/ISA 62443 lifecycle
  • Have knowledge of COSO/COBIT framework and experience applying the framework in a manner that supports SOX, GDPR, and/or NIST/ISO 27001 compliance and operational efficiencies
  • Have experience with a major governance, risk and compliance (GRC) tool, such as Archer or ServiceNow
  • Have experience in ITGC/GITC audits, including interfaces, control reports and configurable controls
  • Have experience with leveraging data analytics to perform targeted sampling techniques and using automation for continuous monitoring
  • Have technical ERP knowledge of one or more major ERP packages, such as Oracle EBS, SAP, and Hyperion systems
  • Have a demonstrated track record of technical expertise with one or more of SOX, GDPR, and/or NIST/ISO 27001/ISA 62443
  • Have Information security certifications (CISSP, CISM, CISA, etc.)
  • Have an ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner


*Please remember that joining the Talent Community is not an application for any specific job at Baker Hughes; it gives you the privilege of being considered, on priority, for an opportunity that suits your profile.

As part of our commitment to the health and safety of our employees, customers and the communities in which we operate, this role requires full vaccination for COVID-19 prior to beginning work.

About Us:
With operations in over 120 countries, we provide better solutions for our customers and richer opportunities for our people. As a leading partner to the energy industry, we're committed to achieving net-zero carbon emissions by 2050 and we're always looking for the right people to help us get there. People who are as passionate as we are about making energy safer, cleaner and more efficient.

Join Us:
Are you seeking an opportunity to make a real difference in a company that values innovation and progress? Join us and become part of a team of people who will challenge and inspire you! Let's come together and take energy forward.

Baker Hughes Company is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.