Senior Analyst, Cybersecurity Third Party Risk Management

Davidson NC 800E Beaty St, Davidson, North Carolina, United States

New

General

Requisition # 2208178

Total Views 14

AtTrane TechnologiesTM and through our businesses includingTraneandThermo King, we create innovative climate solutions for buildings, homes, and transportation that challenge whats possible for a sustainable world. Were a team that dares to look at the worlds challenges and see impactful possibilities. We believe in a better future when we uplift others and enable our people to thrive at work and at home. We boldly go.

Job Summary

As part of the Cybersecurity Governance, Risk, and Compliance (GRC) team, the Senior Analyst, Cybersecurity Third Party Risk Management will play an integral role in identifying, evaluating, and reporting on cybersecurity risks on suppliers and other key third parties in a manner that allows Trane Technologies to manage identified risks and meet regulatory and compliance requirements. This role reports to the Lead, Cybersecurity Risk Management.

The ideal candidate for this role has both the technical expertise and leadership skills to influence and seamlessly collaborate across multiple stakeholder groups.

Responsibilities:

• Conduct cybersecurity risk assessments of suppliers utilizing Trane Technologies third party risk management framework, including:

• Review of inherent risk profiles

• Review of detailed security assessments and evidence

• Generation of assessment reports focused on key risks and control health

• Document and report on identified supplier risks associated with Trane Technologies business, products, systems and information assets

• Work closely with key stakeholders on identifying adequate risk reduction measures

where required, and collaborating with technical SMEs as needed

• Coordinate with internal stakeholders such as Sourcing and Legal on assessment results and mitigation strategies

• Performs ongoing monitoring activities to ensure suppliers maintain appropriate security posture throughout the duration of engagement

• Reports on key risk indicators and metrics regarding supplier risk assessments

• Serve as a cybersecurity risk liaison to advise other IT and cybersecurity team members

• Continuously identify and implement improvements to the third-party cybersecurity risk management framework in collaboration with the Lead, Cybersecurity Risk Management

• Assist with implementing the third-party cybersecurity risk management process in a GRC solution

Qualifications:

• Bachelors degree in a related field preferred, and/or a minimum of 5-7 years of equivalent experience in Cybersecurity, IT Audit/Governance/Risk/Compliance, or similar role(s)

• Solid technical understanding of cybersecurity concepts, standards, guidelines and principles, particularly with regards to cloud providers and Software as A Service (SaaS)

• Effective project management and organizational skills, including managing multiple, concurrent projects and tasks

• Familiarity with multiple regulatory frameworks and controls such as ISO 27001, NIST-CSF and/or 800-53; SSAE 18/SOC2

• Strong critical thinking and analytical skills with the ability to apply technical requirements to operational/business controls and requirements

• Excellent interpersonal skills and ability to create collaborative relationships with colleagues across various groups and levels, and influence without authority

• Demonstrated leadership skills with ability to communicate effectively and work independently, both as part of and leading a team

• At least one of the following certifications preferred: CISM, CISSP, CISA, CRISC

• Travel: 5-10%

Target Base Compensation Range is $81,000 - $170,000 annually. Total compensation for this role also will include an incentive plan. *Disclaimer: This base salary range is based on US national averages. Actual base pay could be a result of seniority, merit, geographic location where the work is performed.

We offer competitive compensation and comprehensive benefits and programs. We are an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status.

We offer competitive compensation and comprehensive benefits and programs that help our employees thrive in both their professional and personal lives. We are proud of our winning culture which is inclusive and respectful at its core. We share passion for serving customers, caring for others, and boldly challenging whats possible for a sustainable world.

We are committed to achieving workforce diversity reflective of our communities. We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identify, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status.