Manager, IT Security Governance, Risk, and Compliance

at Allison Transmission Inc

Indianapolis, Indiana, USA

Start Date: Immediate
Expiry Date: 05 Jul, 2024
Salary: Not Specified
Posted On: 06 Apr, 2024
Experience: N/A
Skills: Cyber Security, CIPP, CRCM, Information Technology, Computer Science, CISA, CISSP
Telecommute: No
Sponsor Visa: No

Description:

JOIN THE TEAM THAT’S POWERING PROGRESS

Building cities. Driving commerce. Saving lives. For over 100 years, Allison Transmission has powered the vehicles and technology that move our world forward.
What powers us? Our employees. From the first person hired by James Allison in 1915 to the thousands across the globe who work for Allison today, we’re driving progress everywhere because we employ top talent worldwide.
Learn more about this role and how you can begin driving your career forward!
Job Title:
Manager, IT Security Governance, Risk, and Compliance
Pay Grade:
M3
Job Description:

Responsibilities:

  • Develop and lead an IT security risk management program to identify, assess, and manage risks, including effective data-driven reporting and tracking of risk reduction activities.
  • Understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to keep Allison in compliance and reduce legal liabilities.
  • Measure and assure that controls are in place and managed properly to meet legal and regulatory compliance for the protection of all of Allison's information assets.
  • Identify gaps and potential security concerns, provide mitigation strategies, and lead all aspects of remediation activities.
  • Provide domain expertise in the creation, implementation, and maintenance of appropriate IT security risk programs, policies, and procedures aligned with all applicable regulations, including ITAR (International Traffic in Arms Regulations), EAR (Export Administration Regulations), NIST (National Institute of Standards and Technology), SOX (Sarbanes-Oxley Act), and various privacy regulations across the IT environment.
  • Provide security expertise and guidance around security issues and recommend solutions to mitigate and eliminate compliance risks to Allison information assets.
  • Take the helm in monitoring, measuring, and reporting on controls effectiveness for security and compliance, nimbly adjusting strategy and implementation as needed.
  • Provide periodic updates to IT leadership regarding the status of the ITGC SOX testing plans, the issues identified, and the decisions regarding the solutions to address the identified problems.
  • Employ manual and automated techniques to verify ongoing technical and procedural compliance with organizational standards.
  • Assist the organization in maintaining a security posture commensurate with the risk tolerance of the organization while meeting business objectives and regulatory requirements.
  • Lead the tracking and periodic reviews of defined exceptions to security policies and standards.
  • Maintain relationships with internal and external audit and compliance agencies to facilitate execution of audits.
  • Participate in and act as a point of contact for IT security risk assessments, customer due diligence questionnaires, audits, and regulatory responses.
  • Track and report on IT audit and risk findings, including coordinating IT management forums for discussion and reporting of these findings.
  • Lead the Information Security Awareness Training program across the global organization, including training tools and reporting.
  • Lead the Allison Transmission Third Party Cyber Risk management program.
  • Lead a small team (fewer than 5) of direct reports.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Computer science, information technology, cyber security, or related subject area

Proficient

1

Indianapolis, IN, USA