Company: The Greenbrier Companies

Address: Lake Oswego, OR
Form of work: Full-Time
Category: Information Technology

Job description

At Greenbrier, we do the hard work that matters. The Greenbrier Companies (NYSE:GBX) is powering the movement of products around the world as a leading designer, manufacturer and supplier of freight rail transportation equipment and services.

 

Greenbrier’s heritage of hard work and industrial innovation is celebrated at every level of our organization. We structure our business to support teams that deliver innovative solutions for our customers while positively impacting the world around us.

 

Greenbrier’s success begins with people. We believe in supporting our global workforce through our unwavering attention to Safety, Quality, Respect for People and Customer Satisfaction. Our IDEAL commitment is rooted in these values and promotes Inclusion, Diversity, Equity, Access, and Leadership, creating a culture where employees are fulfilled and feel good about coming to work every day. A diverse, qualified, and engaged talent base is the key to our success.


Summary

The Senior Security/GRC Analyst is responsible for managing corporate controls for SOX, NIST CSF, SOC-1, and SOC-2. This role is a blended security/GRC position primarily focusing on GRC (Governance, Risk, and Compliance). The Senior Security/GRC Analyst will collaborate with the GRC Manager, CISO, and Cybersecurity Team to implement cybersecurity and GRC initiatives, ensuring alignment with industry regulations, standards, policies, and legal requirements. Strong project management skills are essential, along with soft skills such as negotiation, cross-cultural communication, and crisis management.

 

Duties and Responsibilities

To perform this job successfully, an individual must be able to perform the following essential duties satisfactorily. Other duties may be assigned to address business needs and changing business practices.

  • Contribute to the development and implementation of governance frameworks, policies, and procedures to ensure compliance with relevant laws, regulations, and industry standards.
  • Conduct risk assessments and identify potential areas of risk within the organization.
  • Support the design and implementation of risk management strategies and internal controls to mitigate identified risks.
  • Monitor and evaluate the effectiveness of existing risk management processes and controls, and make recommendations for improvements as needed.
  • Provide security and GRC guidance and support to internal teams on security and compliance-related matters, including regulatory requirements and best practices.
  • Collaborate with cross-functional and cross-cultural teams to ensure alignment of governance, risk, and compliance efforts with business objectives.
  • Stay up-to-date on regulatory developments and industry trends, and proactively advise senior management on potential impacts to the organization.
  • Communicate with stakeholders including business process owners, control owners, and cross-functional teams to track and facilitate the completion of key compliance and security objectives.

Cybersecurity:

  • Support development and implementation of the cybersecurity roadmap.
  • Partner with internal stakeholders to define security toolset and lead global adoptions.
  • Ensure security policies are aligned with corporate best interests and with compliance frameworks (SOX, NIST CSF, SOC-1, SOC-2).
  • Operate independently and collaboratively for initiatives such as vulnerability management, change management, application security and network security.

Compliance:

  • Support development and implementation of the compliance roadmap for all frameworks (SOX, NIST CSF, SOC-1, SOC-2).
  • Partner with internal and external stakeholders to prepare and facilitate the IT organization during audits, including supporting Control Owners with requests from the external auditors.
  • Act as a compliance liaison between control owners and auditors/assessors.
  • Capture and work with internal stakeholders to define plans to remediate audit findings.
  • Track all compliance-related continuous improvement and remediation activities through completion.
  • Advise stakeholders on best practices in alignment with compliance frameworks.
  • Report status to key stakeholders within the organization.

Qualifications

The following generally describes requirements to successfully perform the assigned duties.

 

Minimum Qualifications

  • 5+ years of experience in IT compliance and client/customer management.
  • 4+ years auditing (or implementing internally) ITGCs for SOX Compliance and/or 4+ years performing SOC examination testing and reporting.
  • Well-versed in IT compliance frameworks including IT SOX, SOC-1, SOC-2 and NIST CSF.
  • Experience with risk assessment, policy and procedure development.
  • Familiar with cybersecurity best practices and frameworks.
  • Experience with project management methodologies, such as Agile, Six Sigma and Waterfall.
  • Experience with vulnerability management, change management, application security and network security.
  • Excellent communication, interpersonal, and organizational skills.
  • Proficiency in Excel (performing data manipulations such as pivots and macros, familiar with special formulas) and Word.
  • Ability to work independently and as part of a team.
  • Ability to think strategically and solve problems effectively.

Preferred Qualifications

  • 3+ years of experience performing security risk assessments or in a cybersecurity role.
  • Bilingual in English and Spanish.
  • Experience reviewing 3rd Party SOC Reports or performing SOC examination reporting.

 

Work Environment and Physical Requirements

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

 

This position will be located in Lake Oswego, Oregon.

 

Physical Activities and Requirements 

Frequency Key

Not Applicable: Activity is not applicable to this occupation

Occasionally: Occupation requires this activity up to 33% of the time (0 - 2.5+ hours/day)

Frequently: Occupation requires this activity from 33% - 66% of the time (2.5 - 5.5+ hours/day)

Constantly: Occupation requires this activity more than 66% of the time (5.5+ hours/day)

 

Working Postures

  • Sit: Frequently
  • Stand: Occasionally
  • Walk: Occasionally
  • Bend: Occasionally
  • Kneel/Squat: Not Applicable
  • Crawl: Not Applicable
  • Climb: Not Applicable
  • Reach Forward: Occasionally
  • Reach Upward: Occasionally
  • Handling/Fingering: Occasionally

Lift / Carry Requirements

  • 5-10 lbs: Occasionally
  • 10-25 lbs: Not Applicable
  • 25-50 lbs: Not Applicable
  • 50-75 lbs: Not Applicable
  • 75+ lbs: Not Applicable

Push / Pull Requirements

  • Up to 10 lbs: Occasionally
  • 10-25 lbs: Not Applicable
  • 25-50 lbs: Not Applicable
  • 50-75 lbs: Not Applicable
  • 75+ lbs: Not Applicable

EOE including Vet/Disability

 


 

Greenbrier makes reasonable accommodations in the application and hiring process for individuals with known disabilities, unless providing accommodation would result in an undue hardship. Any applicant believing that he or she may need reasonable accommodation for any part of the application and hiring process should contact Greenbrier Human Resources at careers@gbrx.com or call us at 503-684-7000.
 
-----------------------------------------------------------------
 
Email communication from The Greenbrier Companies (Greenbrier) will always come from a corporate email address that ends in @gbrx.com or from our applicant tracking system, iCIMS, after you have created a secure account and submitted your application. During the application process, you will create a secure account in our secure applicant tracking site that ends with “-gbrx.icims.com”. In this portal, we will ask you to provide your contact information, past employment history, education history and other job-related information.

Refer code: 8479003. The Greenbrier Companies - The previous day - 2024-03-06 22:12
