
The Greenbrier Companies · 6 hours ago

Sr. Security GRC Analyst

The Greenbrier Companies is a leading designer, manufacturer, and supplier of freight rail transportation equipment and services. The Sr. Security GRC Analyst supports the IT Compliance program and audit activities, serving as the first line of defense by monitoring and maintaining IT controls related to compliance. This role requires collaboration with cross-functional teams and strong knowledge of IT control frameworks.
Construction, Manufacturing, Railroad, Transportation
H1B Sponsor Likely

Responsibilities

Audit Preparations and Auditor Access: Bulk upload SOX/SOC audit requests to centralized tool during interim and roll-forward testing periods. Coordinate auditor access to Greenbrier systems, as needed
Audit Evidence Request Monitoring: Monitor audit evidence request tickets in centralized tool to ensure responses to auditors meet agreed upon milestones. Facilitate evidence request issues and coordinate meetings between IT stakeholders and relevant auditors
Compliance Liaison: Liaison between control owners and auditors/assessors for the evidence collection process and audit testing follow-ups. Assist Control Owners with evidence requests from auditors. Schedule meetings as needed
Control Automations: Facilitate and drive progress on control automation efforts, coordinating with subject matter experts, control owners, and automation teams
Control Changes: Ensure control description and design changes and relevant procedure documentation get updated into the GRC tool master control list in a timely manner
Control Failure Triage: Work with control owners/performers to perform root cause analyses on control issues and deficiencies, initiate risk-based remediation plans, and follow escalation procedures. May facilitate control remediation execution
Control Improvements: Support and implement control improvements, automation, and update relevant documentation, at the direction of management
Control Monitoring: Using GRC Tool, monitor SOX/SOC controls for adequate completion by Control Owners and performers and secondary reviewers. Create dashboards for monitoring metrics by global region (U.S. vs. Europe)
Control Remediations: Design and track all assigned remediation plans through to timely completion. Provide status updates of remediation plans to key stakeholders within the organization. Document as needed
Escalations: Proactively monitor audit follow-ups to identify potential control issues or failures, and missing or unavailable evidence, and follow internal escalation protocols immediately so GRC can triage
GRC Consultations: Provide audit, control, and evidence guidance to internal security and IT teams; Partner with internal and external stakeholders to assist the IT organization during audits
GRC Tool Enhancements: Enhance GRC tool usage for IT control monitoring at the direction of the Sr. Manager - GRC; Onboard recurring and new controls to GRC Tool evidence request library and set recurring notifications. Work with the vendor on desired system enhancements
Meeting Attendance: Attend weekly meetings with external and internal auditors, all control walkthroughs and follow-ups, as needed
Procedure Documentation: Create SOX/SOC Control Procedures. Upload to GRC Tool
Risk Management Support: Facilitate certain tasks that support our Risk Management and Third Party Risk Management Programs such as monitoring risk reviews due and risk assessments for completion, setting up meetings and coordinating with key stakeholders
Auditor Interactions: Negotiation with auditors, issue management, productive and constructive communication with auditors
Communicative: Highly responsive and collaborative. Skilled at conflict resolution
Problem Solving: Think strategically and solve problems effectively, partner with specialists to design effective, reliable controls, as much as possible. Ability to ask the right questions and understand complex technical topics
Trust Building: Excellent cross-cultural relationship and trust building, superb communication, and strong organizational skills
Task Management: Ability to prioritize and track multiple projects in parallel
Manage micro projects and push assigned tasks forward using the available Greenbrier tasking tools
Proactively communicate task blockers and project issues
Identify tasks needed, self-prioritize based on goals of the team, and proactively seek information to keep projects moving with ease

Qualification

IT audit experience, SOX compliance, SOC compliance, IT control frameworks, Excel proficiency, Risk management, GRC tool usage, Technical writing, CISA certification, CISSP certification, CPA certification, NIST CSF understanding, ISO 27001 understanding, Trust building, Task management, Bilingual in English, Spanish, Communication skills, Problem solving

Required

Bachelor's degree in Information Systems or a related field required
5+ years of IT audit experience at professional CPA firm, experienced at testing ITGCs for SOX Compliance and/or IT Controls for SOC-1 and SOC-2 compliance, or 8+ years in an IT GRC function, performing and/or implementing ITGCs for SOX Compliance and/or IT Controls for SOC-1 and SOC-2 Compliance
Proficiency in Excel (performing data manipulations such as pivots and macros, familiar with special formulas)
Proficiency in Microsoft Word is a must
Strong understanding of IT control requirements for IT SOX ITGC and SOC-1 and SOC-2 compliance
Excellent technical writing; hands-on experience with documenting for audit purposes and procedure writing

Preferred

CISA, CISSP, CPA, or other relevant certifications are preferred
1+ years of experience performing 3rd Party SOC Report Reviews, or performing SOC examinations and SOC reporting
Experience performing or facilitating risk management and/or vendor risk assessment processes
Bilingual in English and Spanish
Understanding of security frameworks such as NIST CSF, ISO 27001

Company

The Greenbrier Companies

The Greenbrier Companies is a leading supplier of rail transportation equipment and services, powering the movement of products around the world.

H1B Sponsorship

The Greenbrier Companies has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2023 (1), 2022 (1)

Funding

Current Stage: Public Company
Total Funding: $823.75M
2026-02-04: Post-IPO Debt · $300M
2022-08-03: Post-IPO Debt · $150M
2021-04-20: Post-IPO Debt · $373.75M

Leadership Team

Lorie Tekorius, President and Chief Executive Officer
Adrian Downes, Consultant
Company data provided by crunchbase