Company Summary

Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for seven consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

Job Summary

The GRC Principal role is the product owner for our ServiceNow Governance, Risk, and Compliance (GRC) Tool (also called Integrated Risk Management or IRM).  GRC is used for our accurate current view of our enterprise IT and IS risk.  This role is responsible for design and implementation of our short term and long term GRC tool strategy to elevate our ability to quantify and mitigate risks.

The GRC Principal reports to the Deputy Chief Information Security Officer with dotted line oversight to Corporate IT’s ServiceNow Information Security Development team. 

Essential Functions

• Build and maintain effective relationship with Information Security, enterprise ServiceNow users and Corporate IT’s ServiceNow team. Be the strategic advisor to Information Security regarding the ServiceNow platform.
• Identifying areas to mature the tool and operational process supporting the use of the tool.
• Design and development of dashboards to enable our enterprise view of risk and compliance, KRIs, and KPIs.
• Dotted line oversight for Corporate IT’s ServiceNow development team to ensure deployments meet requirements.
• Design and implement data quality monitoring and reporting.
• Design of integrations with other ServiceNow products to maximize our risk mitigation.
• Build and maintain an effective relationship with the ServiceNow Vendor’s Risk Team.  Stay apprised of platform developments and roadmap. 
• Advise stakeholders on how to leverage the platform to achieve objectives and assist with solutions to support them.
• Where necessary ensure that processes are documented and communicated in language that is relevant and understandable to international and /or non-technical audiences.
• Look for opportunities to inform, engage or train others to make the best use of ServiceNow’s platform.
• Support and deliver security initiatives as needed and be in a position to demonstrate and track progress to stakeholders.
• Required to perform duties outside of normal work hours based on business needs.

Complexity & Impact

• Troubleshoots and guides others on a wide variety of complex problems and identifies solutions within broad application and functional expertise
• Works to define, drive and implement broad based conceptual issues
• Participates with and heavily influences management for defining requirements and setting organizational objectives
• Negotiates, persuades, and gains consensus from senior management, cross functional teams, business communities, and external customers impacted by process implementation

Supervision Given/Level of Instruction given

• May or may not supervise others
• Regularly leads cross functional teams to implement multiple processes within a broad business function
• Assigns work to cross functional team members and monitors multiple project status and completion
• Actively identifies issues, seeks out solutions and makes recommendations to the broad business community to apply customized solutions to solve business problems

Knowledge and Skills/Technology Used

• Experience with enterprise GRC/IRM tools, ServiceNow GRC is preferable.
• The ability to interact with Information Security colleagues, build good relationships at all levels and across all business units and organizations, and the ability to influence stakeholders of all levels
• Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience
• Ability to work with others effectively, with 3rd parties, internal teams, and international business units, promoting knowledge sharing within and across teams
• Highly self-motivated and directed, with particular attention to detail
• A good understanding of Security frameworks including ISO27001/NIST

Typical Education

• Generally BS Degree or equivalent work experience

Licenses or Certificates

• Relevant industry certification such as CISSP, CISM, CRISC or similar

Typical Range of Experience

• 5+ years in a similar role in a large international organization
• Typically have 8+ years of directly related experience

Pay Range: $94,780 - $183,480 annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

This role is Hybrid, based in Santa Ana, CA.

#LI-BR1

First American invests in its employees’ development and well-being, empowers them to provide superior customer service and encourages them to serve the communities where they live and work. First American is committed to diversity and inclusion. We are an equal opportunity employer.Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.