Sr. Security GRC Analyst

The Greenbrier CompaniesLake Oswego, OR
16h
Match Resume

About The Position

At Greenbrier, we do the hard work that matters. The Greenbrier Companies (NYSE:GBX) is powering the movement of products around the world as a leading designer, manufacturer and supplier of freight rail transportation equipment and services. Greenbrier’s heritage of hard work and industrial innovation is celebrated at every level of our organization. We structure our business to support teams that deliver innovative solutions for our customers while positively impacting the world around us. Greenbrier’s success begins with people. We believe in supporting our global workforce through our unwavering attention to Safety, Quality, Respect for People and Customer Satisfaction. Our Inclusion, Diversity, Engagement, Access and Leadership (IDEAL) commitment is rooted in these values, which lead to a culture where employees are engaged and feel good about coming to work every day. Summary The Sr. Security GRC Analyst supports Greenbrier’s IT Compliance program and audit activities. This role serves as the first line of defense by monitoring, executing, and maintaining IT controls related to SOX, SOC 1, SOC 2, and ISO compliance. The analyst works closely with the Sr. Manager – GRC and the CISO to support compliance initiatives and audit readiness across the IT organization. This position collaborates with cross-functional, global teams and communicates with stakeholders at all organizational levels. The role requires strong knowledge of IT control frameworks or IT auditing, attention to detail, and the ability to develop and maintain effective processes and documentation.

Requirements

  • Bachelor’s degree in Information Systems or a related field required.
  • 5+ years of IT audit experience at professional CPA firm, experienced at testing ITGCs for SOX Compliance and/or IT Controls for SOC-1 and SOC-2 compliance, or 8+ years in an IT GRC function, performing and/or implementing ITGCs for SOX Compliance and/or IT Controls for SOC-1 and SOC-2 Compliance.
  • Proficiency in Excel (performing data manipulations such as pivots and macros, familiar with special formulas)
  • Proficiency in Microsoft Word is a must.
  • Strong understanding of IT control requirements for IT SOX ITGC and SOC-1 and SOC-2 compliance.
  • Excellent technical writing; hands on experience with documenting for audit purposes and procedure writing.

Nice To Haves

  • CISA, CISSP, CPA, or other relevant certifications are preferred.
  • 1+ years experience performing 3rd Party SOC Report Reviews, or performing SOC examinations and SOC reporting
  • Experience performing or facilitating risk management and/or vendor risk assessment processes
  • Bilingual in English and Spanish
  • Understanding of security frameworks such as NIST CSF, ISO 27001.

Responsibilities

  • Audit Preparations and Auditor Access: Bulk upload SOX/SOC audit requests to centralized tool during interim and roll-forward testing periods. Coordinate auditor access to Greenbrier systems, as needed.
  • Audit Evidence Request Monitoring: Monitor audit evidence request tickets in centralized tool to ensure responses to auditors meet agreed upon milestones. Facilitate evidence request issues and coordinate meetings between IT stakeholders and relevant auditors.
  • Compliance Liaison: Liaison between control owners and auditors/assessors for the evidence collection process and audit testing follow-ups. Assist Control Owners with evidence requests from auditors. Schedule meetings as needed.
  • Control Automations: Facilitate and drive progress on control automation efforts, coordinating with subject matter experts, control owners, and automation teams.
  • Control Changes: Ensure control description and design changes and relevant procedure documentation get updated into the GRC tool master control list in a timely manner.
  • Control Failure Triage: Work with control owners/performers to perform root cause analyses on control issues and deficiencies, initiate risk-based remediation plans, and follow escalation procedures. May facilitate control remediation execution.
  • Control Improvements: Support and implement control improvements, automation, and update relevant documentation, at the direction of management
  • Control Monitoring: Using GRC Tool, monitor SOX/SOC controls for adequate completion by Control Owners and performers and secondary reviewers. Create dashboards for monitoring metrics by global region (U.S. vs. Europe)
  • Control Remediations: Design and track all assigned remediation plans through to timely completion. Provide status updates of remediation plans to key stakeholders within the organization. Document as needed.
  • Escalations: Proactively monitor audit follow-ups to identify potential control issues or failures, and missing or unavailable evidence, and follow internal escalation protocols immediately so GRC can triage.
  • GRC Consultations: Provide audit, control, and evidence guidance to internal security and IT teams; Partner with internal and external stakeholders to assist the IT organization during audits.
  • GRC Tool Enhancements: Enhance GRC tool usage for IT control monitoring at the direction of the Sr. Manager - GRC; Onboard recurring and new controls to GRC Tool evidence request library and set recurring notifications. Work with vendor on system enhancements desired.
  • Meeting Attendance: Attending weekly meetings with external and internal auditors, all control walkthroughs and follow-ups, as needed.
  • Procedure Documentation: Create SOX/SOC Control Procedures. Upload to GRC Tool.
  • Risk Management Support: Facilitate certain tasks that support our Risk Management and Third Party Risk Management Programs such as monitoring risk reviews due and risk assessments for completion, setting up meetings and coordinating with key stakeholders.
  • Auditor Interactions: Negotiation with auditors, issue management, productive and constructive communication with auditors.
  • Communicative: Highly responsive and collaborative. Skilled at conflict resolution.
  • Problem Solving: Think strategically and solve problems effectively, partner with specialists to design effective, reliable controls, as much as possible. Ability to ask the right questions and understand complex technical topics.
  • Trust Building: Excellent cross-cultural relationship and trust building, superb communication, and strong organizational skills.
  • Task Management: Ability to prioritize and track multiple projects in parallel. Manage the micro projects and push tasks forward assigned to you utilizing Greenbrier tasking tools available Proactively communicate task blockers and project issues Identify tasks needed, self-prioritize based on goals of the team, and proactively seek information to keep projects moving with ease

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Job Search Resources

Similar Sr. Security GRC Analyst job opportunities

Sr. Security GRC Analyst
The Greenbrier Companies
The Greenbrier Companies • Lake Oswego, OR2d
Security GRC Sr Analyst I
LTK USA
LTK USA • Dallas, TX5d • Remote
Sr. GRC Analyst
Sprinklr
Sprinklr7d • $92,000 - $153,000
Security GRC Analyst
HealthEquity
HealthEquity7d • $36 - $46 • Remote
Sr Analyst GRC Cybersecurity
NRECA
NRECA • Arlington, VA2d • Hybrid
Sr Analyst GRC Cybersecurity
NRECA
NRECA • Arlington, VA1d • Hybrid
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service