IT Governance, Risk, and Compliance Manager

Trinity Industries
Dallas, Texas, United States
Full-time

Trinity Industries is hiring an IT Governance, Risk, and Compliance Manager in our Dallas, TX office.

The IT Governance, Risk, and Compliance (IT GRC) Manager functions within the Information GRC (IGRC) team, reporting to the Senior Director of IGRC within the Information Risk Management organization.

The IT GRC Manager will be responsible for the execution of the Trinity IT Compliance Assessment Program (TICAP), to include analyzing IT processes, risks, and controls, collaborating on the design and implementation of controls to mitigate risk, performing root cause analyses, identifying improvement opportunities, managing projects in support of annual compliance assessments, and recommending achievable action plans.

This position will support Trinity’s audit partners and business customers to include the Chief Audit Executive, Chief Information Officer, and Chief Information Security Officer.

The ideal candidate will have a solid understanding of IT systems, IT Service Management (ITSM), cybersecurity, and information risks and will understand the regulatory impact of changes to applications and infrastructure.

What you will do:

  • Continuously evaluate IT activities aimed at reducing cyber and compliance risks
  • Manage IT process and control documentation for regulatory compliance (ITGC, risk control matrix, process flowcharts, etc.) and support SOX and regulatory requirements for Oracle, OS400, SQL, and other IT systems
  • Manage IT process and control documentation for internal policy compliance and support TICAP objectives for alignment with enterprise risk appetites
  • Gain a comprehensive understanding of compliance requirements and become a trusted Subject Matter Expert (SME) in advising IT and business leaders on how to navigate cyber and technology risks
  • Evaluate and report on the effectiveness of managed service providers in executing outsourced information security and compliance activities
  • Assess alignment of IT controls across multiple frameworks, such as COBIT, ITIL, and NIST, to ensure comprehensive coverage
  • Be the main point of contact for the Information Technology (IT) team for all internal and external audit requirements. Act as the primary liaison between the IT staff and corporate internal and external audit resources. This includes oversight of internal and external audit engagements, managing issue mitigation, tracking remediation, and reporting

Managerial Responsibilities

  • Manage the daily activities of two IT GRC Specialists, including performance reviews, time sheet approvals, goal setting, and professional development
  • Foster a collaborative and productive team environment, ensuring effective communication and coordination within the team
  • Provide mentorship and guidance to team members, assisting in their career growth and skill development
  • Oversee the allocation and prioritization of team tasks and projects, ensuring alignment with organizational objectives
  • Act as a point of escalation for complex issues or challenges faced by the team

What you will need:

  • Bachelor's or technical degree preferred (Computer Science, Information Systems, Business Administration, or other industry-related curriculum); industry-equivalent experience with certifications or specialized training will be considered
  • Minimum of six to nine years of IT audit/compliance, risk assurance, IT advisory, or internal audit experience, with three years of experience leading a team
  • Broad understanding of all IT areas, including infrastructure, system development life cycle (SDLC), auditing, and internal controls
  • Certification in one or more of the following is desired: ITIL, ISO 27000, COBIT, CISSP, SANS, CISA, Security+, CMMC