Manager, IT Security Governance, Risk, and Compliance - Indianapolis, United States - Allison Transmission

Description

JOIN THE TEAM THAT'S POWERING PROGRESS
Building cities. Driving commerce. Saving lives. For over 100 years, Allison Transmission has powered the vehicles and technology that move our world forward.
What powers us? Our employees.

From the first person hired by James Allison in 1915 to the thousands across the globe who work for Allison today, we're driving progress everywhere because we employ top talent worldwide.

Learn more about this role and how you can begin driving your career forward

Job Title:
Manager, IT Security Governance, Risk, and Compliance

Pay Grade:
M3

Job Description:

JOIN THE TEAM THAT'S POWERING PROGRESS
Building cities. Driving commerce. Saving lives. For over 100 years, Allison Transmission has powered the vehicles and technology that move our world forward.
What powers us? Our employees.

From the first person hired by James Allison in 1915 to the thousands across the globe who work for Allison today, we're driving progress everywhere because we employ top talent worldwide.

This is an exciting opportu nity in Indianapolis, IN for an IT Security Governance, Risk, and Compliance (GRC) Manager .

Learn more about this role and how you can begin driving your career forward
This position serves as a critical member of the Information Systems and Services and Information Security team. You will be responsible for supporting the CISO with the adoption and implementation of Cybersecurity Strategy, Policies and Standards.

You will build and maintain a GRC roadmap that encompasses industry standards like Sarbanes Oxley, NIST CSF, CMMC, and various privacy regulations.

The IT Security GRC Manager will be responsible for day-to-day activities in implementing the information security and compliance program.

You will assist in maintaining audit and compliance initiatives to ensure policies, standards, procedures, and audit activities are in alignment with business, IT, and regulatory requirements.

You will participate in and support various department activities which may include development and monitoring of IT general controls, quarterly user access reviews, the development and maintenance of information security policies, procedures, and standards; training, and awareness activities; review and respond to security requirements and inquiries regarding existing or proposed solutions.

In this role you will liaison with internal and external audit functions to gather evidence and collaboratively determine how to best track and resolve identified deficiencies.

In addition, this role will collaborate closely with Human Resources, Legal, and other business partners to ensure compliance requirements are understood.

You will also coordinate efforts with Information Security, Project Management Office, Enterprise Architecture, and IT Operations teams to ensure that compliance requirements are appropriately addressed, supervised, and reported to business stakeholders.

Key Responsibilities:

• Develop and lead an IT security risk management program to identify, assess, and manage risks, including effective data-driven reporting and tracking of risk reduction activities.
• Understand and interpret laws and regulatory requirements related to information protection and develop and implement appropriate processes to keep the Allison in compliance and reduce legal liabilities.
• Measure and assure that controls are in place and managed properly to meet legal and regulatory compliance for the protection of all of Allison information assets.
• Identify gaps and potential security concerns, provide mitigation strategies, and lead all aspects of remediation activities.
• Provide domain expertise in the creation, implementation, and maintenance of appropriate IT security risk programs, policies, and procedures to be aligned with all applicable regulations including ITAR (International traffic in Arms Regulation), EAR (Export Administration Regulation), NIST (National Institute of Standards and Technology), SOX (Sarbanes Oxley Act), and various privacy regulations across the IT environment.
• Provide security expertise and guidance around security issues and recommend solutions to mitigate and eliminate compliance risks to Allison information assets.
• Take the helm in monitoring, measuring, and reporting on controls effectiveness for security and compliance, nimbly adjusting strategy and implementation as needed.
• Provide periodic updates to IT leadership regarding the status of the ITGC SOX testing plans, the issues identified, and the decisions regarding the solutions to address the identified problems.
• Employ manual and automated techniques to verify ongoing technical and procedural compliance with organizational standards.
• Assist organization in maintaining a security posture commensurate with the risk tolerance of the organization while meeting business objectives, and regulatory requirements.
• Lead the tracking and periodic reviews of defined exceptions to security policies and standards.
• Maintain relationships with internal and external audit and compliance agencies to facilitate execution of audits.
• Participate and act as a point of contact for IT security risk assessment, customer due diligence questionnaires, audits, regulatory responses.
• Track and report on IT audit and risk findings, including coordinating IT management forums for discussion and reporting of these findings.
• Lead the Information Security Awareness Training program across the global organization, including training tools and reporting.
• Lead the Allison Transmission Third Party Cyber Risk management program.
• Lead a small team (less than 5) of direct reports.

Key Performance Indicators:

• Execute, lead, enhance, and implement processes to stay in sync with IT regulatory and corporate requirements.
• Lead the IT Security GRC team by monitoring the team's workload, assigning tasks, reviewing work, meeting the goals of the global organization.
• Implement Governance, Risk, and Compliance (GRC) methodologies and tools to support structured, traceable, and repeatable processes.
• Develop processes to efficiently collect data to demonstrate control effectiveness for security frameworks.
• Develop and maintain the program roadmap; drive, prioritize, and implement an agenda to deliver tangible results
• Develop, implement, and supervise reporting mechanisms for governance, security, and risk practices to support compliance and highlight areas of exposure
• Develop, improve, operationalize enterprise-level security, risk and privacy policies, processes, and controls to mitigate risk and follow applicable laws and regulations
• Engineer a comprehensive control library, mapping our current controls to our corporate and regulatory requirements, addressing any gaps and/or inefficiencies identified.
• Initiate, facilitate, and promote activities to build information security awareness within the ATI Organization and deliver training and oversight in accordance with established information security policies and procedures.
• Provide guidance, expertise, and support for on-going program and process improvements for exceptions management within the ServiceNow system
• Drive remediation efforts and recommendations as they relate to external and internal security audits.
• Provide oversite and direction related to auditing automation software and applications to handle governance tasks and SOX financial reporting functions such as ServiceNow GRC and SAP GRC Process Control and Access Control software.
• Perform continuous monitoring and maintain Plans of Actions and Milestones (POA&Ms).

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related subject area.
• Risk Management certification (e.g., CRISC, CISSP, CISA, CRCM, or CIPP) is highly desired but not required.

Experience:

Required:

• At least 5 years' experience in Risk Management, Audit, Compliance, Information Security, or IT Governance, with 2 years in a managerial role

Preferred:

• Understanding of SOX Controls and Requirements
• Experience leading the design and execution of IT general controls
• Experience with IT GRC platforms
• Experience with policy and control development as it relates to meeting compliance requirements from relevant regulations such as ITAR, EAR, SOX, NIST, GDPR and others.
• Experience developing System Security Plans (SSP) and maintaining Plans of Actions and Milestones (POA&Ms).
• Experience applying cybersecurity and privacy principles to organizational requirements
• Experience working with internal and external auditors

Allison Transmission is an equal opportunity employer.

We have opportunities for all qualified applicants regardless of age, race, color, sex, religion, creed, national origin, disability, sexual orientation, gender identity/expression or veteran status.

If you are an individual with a disability or a disabled veteran requiring assistance and/or reasonable accommodations reviewing any of the careers information, please contact us at

Please note that Allison Transmission will make an offer of employment only to individuals who have applied for a position using our official application.

Be on alert for possible fraudulent offers of employment. Allison Transmission will not solicit money or banking information from applicants.

Primary Location:
Indianapolis, IN

Additional Locations:
Allison Transmission is an equal opportunity employer.

We have opportunities for all qualified applicants regardless of age, race, color, sex, religion, creed, national origin, disability, sexual orientation, gender identity/expression or veteran status.

If you are an individual with a disability or a disabled veteran requiring assistance and/or reasonable accommodations reviewing any of the careers information, please contact us at ati+- .

Please note that Allison Transmission will make an offer of employment only to individuals who have applied for a position using our official application.

Be on alert for possible fraudulent offers of employment. Allison Transmission will not solicit money or banking information from applicants.
Allison Transmission is the world's largest manufacturer of commercial-duty automatic transmissions and hybrid propulsion systems.

Our products are specified by more than 300 of the world's leading vehicle manufacturers and are used in a range of market sectors—from bus, refuse and emergency to construction, distribution and defense.

Allison was founded in 1915 in Indianapolis, Indiana, where the company's global headquarters is still located.

We have approximately 1,400 dealer and distributor locations, employ more than 2,700 people around the world and our international presence spans more than 80 countries.

Allison Transmission is an equal opportunity employer.

We have opportunities for all qualified applicants regardless of age, race, color, sex, religion, creed, national origin, disability, sexual orientation, gender identity/expression or veteran status.

If you are an individual with a disability or a disabled veteran requiring assistance and/or reasonable accommodations reviewing any of the careers information, please contact us at

Please note that Allison Transmission will make an offer of employment only to individuals who have applied for a position using our official application.

Be on alert for possible fraudulent offers of employment. Allison Transmission will not solicit money or banking information from applicants.