Job Information

Allison Transmission Manager, IT Security Governance, Risk, and Compliance in Indianapolis, Indiana

JOIN THE TEAM THAT’S POWERING PROGRESS

Building cities. Driving commerce. Saving lives. For over 100 years, Allison Transmission has powered the vehicles and technology that move our world forward. What powers us? Our employees. From the first person hired by James Allison in 1915 to the thousands across the globe who work for Allison today, we’re driving progress everywhere because we employ top talent worldwide.

Learn more about this role and how you can begin driving your career forward!

Job Title:

Manager, IT Security Governance, Risk, and Compliance

Pay Grade:

M2

Job Description:

Allison Transmission is seeking an IT Security Governance, Risk, and Compliance (GRC) Manager. This position serves as a critical member of the Information Systems and Services and Information Security team. You will be responsible for supporting the CISO with the adoption and implementation of Cybersecurity Strategy, Policies and Standards. You will create and maintain a GRC roadmap that encompasses industry standards like Sarbanes Oxley, NIST CSF, CMMC, and various privacy regulations.

The IT Security GRC Manager will be responsible for day-to-day activities in implementing the information security and compliance program. You will assist in maintaining audit and compliance initiatives to ensure policies, standards, procedures, and audit activities are in alignment with business, IT, and regulatory requirements. You will participate in and support various department activities, which may include the development and monitoring of IT general controls; quarterly user access reviews; the development and maintenance of information security policies, procedures, and standards; training and awareness activities; and reviewing and responding to security requirements and inquiries regarding existing or proposed solutions.

In this role you will liaise with internal and external audit functions to gather evidence and collaboratively determine how to best track and resolve identified deficiencies. In addition, this role will collaborate closely with Human Resources, Legal, and other business stakeholders to ensure compliance requirements are understood. You will also coordinate efforts with Information Security, Project Management Office, Enterprise Architecture, and IT Operations teams to ensure that compliance requirements are appropriately addressed, tracked, and reported to business stakeholders.

Responsibilities

  • Manage an IT security risk management program to identify, assess, and manage risks, including effective data-driven reporting and tracking of risk reduction activities.

  • Understand and interpret laws and regulatory requirements related to information protection and develop and implement appropriate processes to keep Allison in compliance and reduce legal liabilities.

  • Measure and assure that controls are in place and managed properly to meet legal and regulatory compliance for the protection of all of Allison's information assets.

  • Identify gaps and potential security concerns, provide mitigation strategies, and oversee remediation activities.

  • Provide subject matter expertise in the creation, implementation, and maintenance of appropriate IT security risk programs, policies, and procedures to be compliant with all applicable regulations including SOX (Sarbanes Oxley Act), and various privacy regulations across the IT environment.

  • Take the helm in monitoring, measuring, and reporting on controls effectiveness for security and compliance, nimbly adjusting strategy and implementation as needed.

  • Provide regular updates to IT leadership regarding the status of the ITGC SOX testing plans, the issues identified, and the decisions regarding the solutions to address the identified problems.

  • Employ manual and automated techniques to verify ongoing technical and procedural compliance with organizational standards.

  • Assist the organization in maintaining a security posture commensurate with its risk tolerance while meeting business objectives and regulatory requirements.

  • Manage the tracking and periodic reviews of defined exceptions to security policies and standards.

  • Maintain relationships with internal and external audit and compliance agencies to facilitate execution of audits.

  • Participate in and act as a point of contact for IT security risk assessments, customer due diligence questionnaires, audits, and regulatory responses.

  • Track and report on IT audit and risk findings, including coordinating IT management forums for discussion and reporting of these findings.

  • Aid with the Allison Transmission Third Party Cyber Risk management program.

Key Performance Measures

  • Execute, manage, enhance, and implement processes to comply with IT regulatory and corporate requirements.

  • Lead the IT Security GRC team by managing the team’s workload, assigning tasks, reviewing deliverables, and meeting the goals of the global organization.

  • Implement Governance, Risk, and Compliance (GRC) methodologies and tools to support structured, traceable, and repeatable processes.

  • Develop processes to efficiently collect data to demonstrate control effectiveness for security frameworks.

  • Develop, implement, and monitor reporting mechanisms for governance, security, and risk practices to support compliance and highlight areas of exposure.

  • Drive remediation efforts and recommendations as they relate to external and internal security audits.

  • Perform continuous monitoring and maintain Plans of Actions and Milestones (POA&Ms).

Qualifications

  • Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline.

  • Risk Management certification (e.g., CRISC, CISSP, CISA, CRCM, or CIPP) is highly desired but not required.

Experience

Required:

  • At least 3 years’ experience in Risk Management, Audit, Compliance, Information Security, or IT Governance

Preferred:

  • Understanding of SOX Controls and Requirements

  • Experience managing the design and execution of IT general controls

  • Experience developing System Security Plans (SSP) and maintaining Plans of Actions and Milestones (POA&Ms).

  • Experience applying cybersecurity and privacy principles to organizational requirements

  • Experience working with internal and external auditors

Scope

Responsible for:

  • Manage and oversee all activities related to IT security governance, risk management and compliance.

  • Analyze and implement risk and compliance management frameworks, policies, standards, and best practices in support of our Information Security Governance, Risk Management and Compliance Program.

  • Establish governance and ensure global IT security regulatory compliance.

  • Keep current with regulations and prudential guidelines affecting information technology and information security, and continuously update corporate policies, standards, and procedures.

  • Coordinate efforts between IT and external audit firms to assist in scheduling, resource planning, and remediation efforts.

  • Develop formal written reports to communicate audit results and recommendations to management and business stakeholders.

  • Collaborate with other departments to direct security compliance issues to appropriate channels for investigation and resolution.

  • Engage with organizational stakeholders to develop and implement engaging and effective security and compliance training programs.

Primary Location:

Indianapolis, IN

Additional Locations:

Allison Transmission is an equal opportunity employer. We have opportunities for all qualified applicants regardless of age, race, color, sex, religion, creed, national origin, disability, sexual orientation, gender identity/expression or veteran status.

If you are an individual with a disability or a disabled veteran requiring assistance and/or reasonable accommodations reviewing any of the careers information, please contact us at ati+ask4max@service-now.com.

Please note that Allison Transmission will make an offer of employment only to individuals who have applied for a position using our official application. Be on alert for possible fraudulent offers of employment. Allison Transmission will not solicit money or banking information from applicants.

Allison Transmission is the world’s largest manufacturer of commercial-duty automatic transmissions and hybrid propulsion systems. Our products are specified by more than 300 of the world’s leading vehicle manufacturers and are used in a range of market sectors—from bus, refuse and emergency to construction, distribution and defense.

Allison was founded in 1915 in Indianapolis, Indiana, where the company’s global headquarters is still located. We have approximately 1,400 dealer and distributor locations, employ more than 2,700 people around the world and our international presence spans more than 80 countries.

If you are an individual with a disability or a disabled veteran requiring assistance and/or reasonable accommodations reviewing any of the careers information, please contact us at 317-242-5000.
