Senior Security/GRC Analyst

at The Greenbrier Companies

Lake Oswego, OR 97035, USA

Start Date: Immediate
Expiry Date: 03 Jun, 2024
Salary: Not Specified
Posted On: 04 Mar, 2024
Experience: 3 year(s) or above
Skills: Spanish, Vulnerability Management, Change Management, Reporting, Application Security, Agile, English, IT Compliance, Excel, Risk Assessment, Six Sigma, Network Security
Telecommute: No
Sponsor Visa: No

Description:

Company Overview:
At Greenbrier, we do the hard work that matters. The Greenbrier Companies (NYSE:GBX) is powering the movement of products around the world as a leading designer, manufacturer and supplier of freight rail transportation equipment and services.
Greenbrier’s heritage of hard work and industrial innovation is celebrated at every level of our organization. We structure our business to support teams that deliver innovative solutions for our customers while positively impacting the world around us.
Greenbrier’s success begins with people. We believe in supporting our global workforce through our unwavering attention to Safety, Quality, Respect for People and Customer Satisfaction. Our IDEAL commitment is rooted in these values and promotes Inclusion, Diversity, Equity, Access, and Leadership, creating a culture where employees are fulfilled and feel good about coming to work every day. A diverse, qualified, and engaged talent base is the key to our success.
Summary:

The Senior Security/GRC Analyst is responsible for managing corporate controls for SOX, NIST CSF, SOC-1, and SOC-2. This role is a blended security/GRC position primarily focusing on GRC (Governance, Risk, and Compliance). The Senior Security/GRC Analyst will collaborate with the GRC Manager, CISO, and Cybersecurity Team to implement cybersecurity and GRC initiatives, ensuring alignment with industry regulations, standards, policies, and legal requirements. Strong project management skills are essential, along with soft skills such as negotiation, cross-cultural communication, and crisis management.

QUALIFICATIONS

The following generally describes requirements to successfully perform the assigned duties.

MINIMUM QUALIFICATIONS

  • 5+ years of experience in IT compliance and client/customer management.
  • 4+ years auditing (or implementing internally) ITGCs for SOX Compliance and/or 4+ years performing SOC examination testing and reporting.
  • Well-versed in IT compliance frameworks, including IT SOX, SOC-1, SOC-2, and NIST CSF.
  • Experience with risk assessment, policy and procedure development.
  • Familiar with cybersecurity best practices and frameworks.
  • Experience with project management methodologies, such as Agile, Six Sigma and Waterfall.
  • Experience with vulnerability management, change management, application security and network security.
  • Excellent communication, interpersonal, and organizational skills.
  • Proficiency in Excel (performing data manipulations such as pivots and macros, familiar with special formulas) and Word.
  • Ability to work independently and as part of a team.
  • Ability to think strategically and solve problems effectively.

PREFERRED QUALIFICATIONS

  • 3+ years of experience performing security risk assessments or in a cybersecurity role.
  • Bilingual in English and Spanish.
  • Experience reviewing 3rd Party SOC Reports or performing SOC examination reporting.

PHYSICAL ACTIVITIES AND REQUIREMENTS

Frequency Key
Not Applicable: Activity is not applicable to this occupation
Occasionally: Occupation requires this activity up to 33% of the time (0 - 2.5+ hours/day)
Frequently: Occupation requires this activity from 33% - 66% of the time (2.5 - 5.5+ hours/day)
Constantly: Occupation requires this activity more than 66% of the time (5.5+ hours/day)

LIFT / CARRY REQUIREMENTS

  • 5-10 lbs: Occasionally
  • 10-25 lbs: Not Applicable
  • 25-50 lbs: Not Applicable
  • 50-75 lbs: Not Applicable
  • 75+ lbs: Not Applicable

PUSH / PULL REQUIREMENTS

  • Up to 10 lbs: Occasionally
  • 10-25 lbs: Not Applicable
  • 25-50 lbs: Not Applicable
  • 50-75 lbs: Not Applicable
  • 75+ lbs: Not Applicable

Responsibilities:

To perform this job successfully an individual must be able to perform the following essential duties satisfactorily. Other duties may be assigned to address business needs and changing business practices.

  • Contribute to the development and implementation of governance frameworks, policies, and procedures to ensure compliance with relevant laws, regulations, and industry standards.
  • Conduct risk assessments and identify potential areas of risk within the organization.
  • Support the design and implementation of risk management strategies and internal controls to mitigate identified risks.
  • Monitor and evaluate the effectiveness of existing risk management processes and controls, and make recommendations for improvements as needed.
  • Provide security and GRC guidance and support to internal teams on security and compliance-related matters, including regulatory requirements and best practices.
  • Collaborate with cross-functional and cross-cultural teams to ensure alignment of governance, risk, and compliance efforts with business objectives.
  • Stay up-to-date on regulatory developments and industry trends, and proactively advise senior management on potential impacts to the organization.
  • Communicate with stakeholders including business process owners, control owners, and cross-functional teams to track and facilitate the completion of key compliance and security objectives.


REQUIREMENT SUMMARY

Min: 3.0, Max: 10.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Proficient

1