Sr. Manager of IT Governance, Risk and Compliance
Company:

The Greenbrier Companies


Place:

Wisconsin


Job Function:

Finance

Details of the offer

At Greenbrier, we do the hard work that matters.  The Greenbrier Companies (NYSE:GBX) is powering the movement of products around the world as a leading designer, manufacturer and supplier of freight rail transportation equipment and services. Greenbrier's heritage of hard work and industrial innovation is celebrated at every level of our organization.  We structure our business to support teams that deliver innovative solutions for our customers while positively impacting the world around us.
Greenbrier's success begins with people. We believe in supporting our global workforce through our unwavering attention to Safety, Quality, Respect for People and Customer Satisfaction. Our IDEAL commitment is rooted in these values and promotes Inclusion, Diversity, Equity, Access, and Leadership, creating a culture where employees are fulfilled and feel good about coming to work every day. A diverse, qualified, and engaged talent base is the key to our success.

Summary

The Sr. Manager of IT Governance, Risk & Compliance will play a pivotal role in building and maintaining a robust global information security program based on ISO 27001 principles. This role will ensure compliance with IT SOX and SOC controls, aligning regional requirements with a comprehensive global strategy. The Sr. Manager will collaborate closely with the CISO, auditors, regulators, and internal teams to manage risk, implement security best practices, and foster a culture of security awareness across the organization.

Duties and Responsibilities

To perform this job successfully an individual must be able to perform the following essential duties satisfactorily. Other duties may be assigned to address business needs and changing business practices.

Program Leadership:
Partner with the CISO to design, implement, and oversee a comprehensive information security program aligned with ISO 27001 standards.
Harmonize regional security requirements into a cohesive global framework.
Develop and manage an enterprise-wide information security risk management program, including Risk and Control Self-Assessments (RCSAs).

Compliance & Audit Liaison:
Act as the primary point of contact for internal and external audits, regulatory inquiries, and compliance initiatives.
Coordinate responses to audit findings and observations, ensuring timely remediation.
Maintain expertise in IT SOX and SOC controls, ensuring ongoing compliance.

Security Awareness & Training:
Design and deliver engaging security awareness and training programs for all employees.
Mentor and develop information security personnel to enhance their expertise and capabilities.

Team Management & Budget:
Lead and manage the information security team, providing guidance, mentorship, and performance evaluations.
Develop and manage the department budget, tracking costs associated with the security program.

Performance Monitoring:
Monitor and report on key performance indicators (KPIs) and key risk indicators (KRIs) to measure the effectiveness of the security program.
Prepare for and participate in regulatory activities, such as Sarbanes-Oxley (SOX) compliance.

Cross-Functional Collaboration:
Provide expert information security consultation to various departments.
Communicate security goals, initiatives, and risks effectively to stakeholders across the organization.

Policy & Procedure Development:
Develop, document, implement, and maintain comprehensive information security policies, controls, and procedures.

Vendor & 3rd Party Risk Management:
Conduct and review the quality of security audits of third-party vendors using a centralized tool to ensure they meet or exceed industry standards and contractual obligations.
Develop and implement a robust third-party risk management program, leveraging UpGuard to assess, monitor, and mitigate risks associated with vendors and partners.
Establish clear risk assessment criteria and remediation processes for third parties.

GRC Tool Deployment:
Lead the deployment and integration of a centralized GRC tool (AuditBoard) to streamline risk management, compliance tracking, and audit processes.
Ensure effective utilization of the tool across the organization to drive efficiency and improve security posture.

Qualifications

The following generally describes requirements to successfully perform the assigned duties.

Minimum Qualifications

Education & Experience:
Bachelor's degree in Computer Science, Information Systems, or a related field.
12+ years of progressive experience in IT GRC and/or IT Audit.
Proven track record of building and/or managing successful IT GRC programs, especially SOX and SOC programs, in the global manufacturing environment.
Experience building Vendor Risk Management programs and performing risk assessments.

Certifications:
Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or equivalent certifications preferred.
ISO 27001 Lead Auditor or Lead Implementer certification is a strong asset.

Skills & Knowledge:
Strong experience with IT SOX and SOC controls and interacting with external/internal auditors.
Strong risk management and assessment skills.
Excellent communication, leadership, and interpersonal skills.
Understanding of ISO 27001 framework and its implementation.

Work Environment and Physical Requirements

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
In office, Lake Oswego, OR

Physical Activities and Requirements

Frequency Key
Not Applicable: Activity is not applicable to this occupation
Occasionally: Occupation requires this activity up to 33% of the time (0 - 2.5+ hours/day)
Frequently: Occupation requires this activity from 33% - 66% of the time (2.5 - 5.5+ hours/day)
Constantly: Occupation requires this activity more than 66% of the time (5.5+ hours/day)

Working Postures
Sit: Frequently
Walk: Occasionally
Bend: Occasionally
Kneel/Squat: Occasionally
Crawl: Occasionally
Climb: Occasionally
Reach Forward: Occasionally
Reach Upward: Occasionally
Handling/Fingering: Frequently

Lift / Carry Requirements
5-10 lbs: Occasionally
10-25 lbs: Not Applicable
25-50 lbs: Not Applicable
50-75 lbs: Not Applicable
75+ lbs: Not Applicable

Push / Pull Requirements
Up to 10 lbs: Frequently
10-25 lbs: Frequently
25-50 lbs: Not Applicable
50-75 lbs: Not Applicable
75+ lbs: Not Applicable

EOE including Vet/Disability
Greenbrier makes reasonable accommodations in the application and hiring process for individuals with known disabilities, unless providing accommodation would result in an undue hardship. Any applicant believing that he or she may need reasonable accommodation for any part of the application and hiring process should contact Greenbrier Human Resources at  or call us at .

 
-----------------------------------------------------------------

 
Email communication from The Greenbrier Companies (Greenbrier) will always come from a corporate email address that ends in @gbrx.com or from our applicant tracking system, iCIMS, after you have created a secure account and submitted your application. During the application process, you will create a secure account in our secure applicant tracking site that ends with "-gbrx.icims.com". In this portal, we will ask you to provide your contact information, past employment history, education history and other job-related information.


Source: Grabsjobs_Co
