The Greenbrier Companies, Inc. IT Governance Risk and Compliance Program Manager in Lake Oswego, Oregon
At Greenbrier, we do the hard work that matters. The Greenbrier Companies (NYSE: GBX) is a leading designer, manufacturer and supplier of freight rail and marine transportation equipment and services, powering the movement of products around the world. Greenbrier's innovation and engineering expertise pairs with our capacity to build and repair freight transportation equipment. This allows us to provide an unrivaled level of service to our customers across the Americas, Europe and countries of the Gulf Cooperation Council. Greenbrier also provides asset management services and a unique railcar leasing syndication platform that brings us into contact with the world's leading fixed asset investors.
Greenbrier's heritage of hard work and industrial innovation is celebrated at every level of our organization. We structure our business to support teams that deliver innovative solutions for our customers and positively impact the world around us.
Greenbrier is hiring for a Cyber Security resource to be responsible for enterprise wide GRC processes. This position ensures leadership has the information needed to make strategic risk-based decisions enabling the achievement of e business objectives.
Governance plays a critical role in empowering Greenbrier to proactively implement appropriate security. We enable our customers through delivery of security content and key governance processes, connecting and aligning teams through common architecture, data models, and taxonomy.
In this role, you are part manager, liaison, engineer, and advisor. You ramp up quickly into a solid, productive member of the Cyber Security team. You have knowledge of commonly used policy, standards, controls, risk and compliance concepts, practices, and procedures for security. You are excellent at building relationships You are organized and innovative with a bias toward automation. independently while still asking for help in some areas. You are a "bridge" builder helping to coordinate and bring together various organizations inside and outside of Security around a common process.
Aligning Security GRC governance activities with stakeholders across the company
Improving security and customer trust
Building and maintaining SOC2 compliance activities
Become the Greenbrier owner of our Information Security Management System all related activities, relationships, and processes
Understand and document desired business outcomes related to security
Identify and create metrics and dashboards to quantify and measure the impact of information security governance processes that you drive
Qualifications and Experience:
Minimum 3 years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of 5-7 years of total work experience
Experience in security related analysis, creating metrics and dashboards
Ability to work with both business and technical areas and translate between the two areas
Excellent verbal and written communication skills and ability to communicate results to multiple levels of management
Familiarity with security frameworks such as NIST CSF, ISO 27001, SOC1/2, PCI, etc.
Operational process design, improvement, and implementation experience
Excellent interpersonal, relationship, and organizational skills
Experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, Engineering, and other stakeholders
Knowledge of, or experience working with, Cloud technologies/environments is a plus
Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions
CISSP, CISA, CISM or similar certifications a plus
Company: Greenbrier Leasing Company LLC
Functional Group: Information Technology