Information Security Governance Analyst

TechnipFMC is committed to driving real change in the energy industry. Our ambition is to build a sustainable future through relentless innovation and global collaboration – and we want you to be part of it. You’ll be joining a culture that values curiosity, expertise, and ideas as well as equal opportunities, inclusion, and authenticity. Bring your unique energy to our team of more than 21,000 people worldwide, and discover a rewarding, fulfilling, and varied career that you can take in anywhere you want to go. Job Purpose We are seeking an Information Security Governance Analyst to support our Information Security Governance, Risk and Compliance (GRC) programme. In this role, you will help demonstrate compliance with key regulatory and industry frameworks by coordinating audits and assessments, gathering and validating evidence, tracking actions through to closure, and supporting continuous improvement of governance documentation and reporting. In this role you will serve as an Information Security Professional as an Information Security Governance Analyst, protecting TechnipFMC information security throughout the system lifecycle. The Information Security Governance Analyst supports the IT compliance program within the Information Security organization. This support includes but is not limited to Sarbanes Oxley (SOX), SOC 2, ISO 27001, ISO 42001, NIST, questionnaires, audits and assessments from 3rd parties, clients and partners assessing the TechnipFMC’s regulatory compliance status. Applicants must be authorized to work for any employer in the U.S. without restriction. For this position we are not sponsoring or taking over sponsorship of an employment visa at this time. Job Description Coordinate internal and external audits and controls testing (e.g., SOX, SOC 2, ISO 27001/42001, NIST) by managing timelines, stakeholders, and deliverables to support on-time, high-quality audit outcomes. Triage, assign, and track requests for information (RFIs) to the correct SMEs, ensuring clear ownership and deadlines and improving response timeliness. Collect, validate, and submit audit evidence by performing completeness/quality checks to reduce evidence rework and audit follow-ups. Identify evidence gaps and drive closure by working with control owners/SMEs to remediate missing or insufficient evidence before submission deadlines. Maintain audit schedules and status trackers to provide accurate, current visibility of audit progress, evidence readiness, and risks to delivery. Maintain an Audit Findings List and Corrective Action Log to ensure findings are documented, assigned, tracked, and closed within agreed timescales. Monitor control testing progress and exceptions (including failed tests) and elevate issues with clear context and impact to support timely remediation decisions. Support third‑party, customer, and partner security assessments and questionnaires by coordinating inputs and validating responses to protect accuracy and consistency of submissions. Maintain and update governance document status trackers to ensure policies/standards/procedures are reviewed, current, and traceable. Support ongoing maintenance of governing documents by coordinating periodic reviews and updates with stakeholders to keep documentation aligned to requirements and practice. Identify compliance programme gaps and recommend improvements based on audit outcomes, metrics, and stakeholder feedback to strengthen control effectiveness and readiness. Maintain GRC metrics, KPIs, and the Risk and Controls Matrix (RCM) to support evidence-based reporting and prioritisation of compliance activities. Input data into the GRC tooling/module and publish GRC-related content to ensure records are complete, current, and available for reporting and audits. Prepare materials for management reviews, compliance committees, and governance forums to enable clear decision-making and documented oversight. You are meant for this job if: Bachelor’s degree in computer science or related discipline considered as a plus 2+ years of experience in supporting or auditing IT and Information Security compliance programs. Strong understanding of compliance regulations (e.g., Sarbanes Oxley 404, PCAOB, PCI, GDPR) and security standards (e.g., ISO 27001, NIST CSF). Familiar with IT governance and quality frameworks such as ISO, COBIT, and ITIL. Skilled in compliance metrics tracking. Proven ability to work effectively in global, matrixed environments. Excellent interpersonal, organizational, and communication skills. Comfortable collaborating across enterprise-scale organizations and building effective working relationships. Advanced oral and written communication skills in English. Strong analytical, problem-solving, and critical thinking capabilities. Nice to have Information Security related certifications such as CISA, Security+, Network+, Azure AZ-900, AZ-500, AWS certification, CEH. Skills Verbal Communication Coaching Stakeholder Management Technical Writing Systems Thinking Compliance Support Process Improvement Budgeting Demand Intake Project/Program Management Business Continuity and Disaster Recovery Planning Develop Governance Principles Information Security Requirements Management and Analysis Governance and Security Administration Lean Evidence Handling Regulatory Compliance Interpreting Requirements Project Risk and Issues Management Being a global leader in the energy industry requires an inclusive and diverse environment. TechnipFMC promotes equal opportunities and inclusion by ensuring equal opportunities to all ages, races, ethnicities, religions, gender expressions, disabilities, or all other pluralities. We celebrate who you are and what you bring. Every voice matter and we encourage you to add to our culture. TechnipFMC respects the rights and dignity of those it works with and promotes adherence to internationally recognized human rights principles for those in its value chain. #J-18808-Ljbffr TechnipFMC plc