Governance Risk and Compliance Manager

The Timken Company•North Canton, OH

17h

About The Position

What Timken makes possible begins with you. Those who came before us helped land a man on the moon, create the world's infrastructure, and introduce renewable energy alternatives. Now you can join the Timken team to write your own unique story and help drive what's next. A career at Timken means you can have an immediate impact doing Work That Matters to the world— improving the efficiency of today's industrial equipment and preparing for the future of motion on our planet and beyond. New employees can start contributing right away, and there are many opportunities to advance your career at your own pace. Join our global team of 19,000 people in 45 countries, and start helping our customers push the limits of what's possible in their world of motion. The Governance Risk and Compliance Manager will be responsible for assessing if Timken’s IT assets are protected in accordance with all policies, controls, industry standards and frameworks. This role supports various business partners and departments in assessing compliance with applicable laws and regulations. They will work to develop, implement, and maintain a comprehensive information compliance program that encompasses all aspects of Timken’s Information Security program. This role will own Timken’s information security compliance program for ISO 27001 and CMMC.

Requirements

Experience with a variety of compliance frameworks, such as HIPAA and PCI DSS
Experience with cybersecurity frameworks, such as the NIST Cybersecurity Framework, ISO 27001, ISO 27002, CMMC and SOC2
Proven track record with auditing and reporting
Experience of implementing, operating and maturing cybersecurity compliance with relevant frameworks, standards and regulations
Adept at planning, executing, and tracking compliance projects within allocated budgets.
Demonstrated experience with internal audits and working with external certification bodies/assessors
Excellent stakeholder management and communication skills; able to translate technical requirements to business leaders and vice versa
Project management skills with ability to manage multiple concurrent initiatives and remediation efforts
Bachelor's in Business, Computer Science, Computer Engineering, or related discipline with a minimum of 8 years’ experience required
Candidate must be authorized to work in the US.

Nice To Haves

Master's in Business, Computer Science, Computer Engineering, or related discipline with 12 years’ experience preferred

Responsibilities

Own and operate the Information Security Management System (ISMS) aligned to ISO 27001 and lead CMMC certification efforts
Define, maintain, and report program scope, objectives, success metrics, and multi-year roadmap for ISO and CMMC compliance
Establish and run governance forums (e.g., ISMS steering committee, compliance working groups)
Develop, update, and maintain ISMS documentation: Information Security Policy, Scope, Statement of Applicability (SoA), risk methodology, procedures, and work instructions
Plan, coordinate, and execute compliance assessments, readiness assessments, and external certification assessments (ISO and CMMC); act as primary point of contact for assessors
Ensure alignment of security objectives with business goals and legal/regulatory requirements
Respond to inquiries from Timken customers and support the IT organization with various audits
Research, and apply relevant laws, regulations, and industry standards to the organization's information systems and practices
Train and educate employees on cybersecurity compliance requirements
Stay up to date on emerging compliance issues
Communicate cybersecurity risks and compliance requirements to senior management and business stakeholders
Lead continuous improvement initiatives, implement lessons learned from audits and incidents, and mature compliance processes and tooling