Trinity Industries is searching for a talented team player to fill the role of Information Governance, Risk and Compliance Analyst in our Dallas, Texas HQ!
The Information Governance, Risk, and Compliance (GRC) Analyst supports one or more primary functions within the Information GRC (IGRC) organization. Reporting to the Sr. Director, IGRC within the Information Risk Management organization, this individual is responsible for the day-to-day execution of core IGRC work activities and providing support to accomplish enterprise objectives in support of legal, regulatory, and information security requirements.
The primary job functions of this role include the facilitation of risk assessments and risk management functions, performance of and reporting on compliance evaluations, the creation and documentation of enterprise policies, processes, and standards, and enterprise document management. The secondary job functions of this role include eDiscovery support and records management support.
What you will do:
• Assist with exception management activities related to enterprise policies and directives
• Support risk assessment activities in vendor due diligence, third party risk management, and IT project operations
• Document and communicate enterprise Information Risk Management policies, processes, procedures, standards, and requirements
• Assist in preparing reports and summaries of IGRC program for executive review
• Help establish and maintain enterprise document management systems
• Stay informed of present and emerging regulatory concerns and information security trends
• Help maintain enterprise information risk register and maturity assessments
• Interface and interact with business leadership to include Legal, Compliance, IT, and Operations
• Work in collaboration with the Cyber Defense Center to assess computer hardware, software, and systems for security risks or violations
• Support strategies to address security awareness and training across a global enterprise including remote staff and geographically separated locations
What you’ll need:
• Bachelor’s or equivalent and 2+ years’ experience in IT field required; experience in GRC organizations is preferred
• Experience with manufacturing or digital services is a plus
• Relevant certifications (CISM, CISA, CISSP, or equivalent) are a plus but not required
• Experience with technical editing desired
• Excellent oral and written communication skills
• Experience with multi-national/global enterprises is a plus
• High personal integrity and confidentiality
• High attention to detail
• Familiarity with one or more of the following frameworks and regulations is a plus:
o NIST CSF
o NIST RMF
o SOX
o GDPR
o HIPAA
o PCI-DSS
o COBIT
o ITIL