Sr. Manager, Business Information Security (GRC)
Lake Oswego, OR, US
Posted 3 days ago
Job Locations: US-OR-Lake Oswego
ID: 2025-3617
Company: Greenbrier Leasing Company LLC
Position Type: Regular Full-Time
Category: Information Technology
Workplace Type: Onsite

At Greenbrier, we do the hard work that matters. The Greenbrier Companies (NYSE:GBX) is powering the movement of products around the world as a leading designer, manufacturer and supplier of freight rail transportation equipment and services.
Greenbrier’s heritage of hard work and industrial innovation is celebrated at every level of our organization. We structure our business to support teams that deliver innovative solutions for our customers while positively impacting the world around us.
Greenbrier’s success begins with people. We believe in supporting our global workforce through our unwavering attention to Safety, Quality, Respect for People and Customer Satisfaction. Our IDEAL commitment is rooted in these values, which promotes Inclusion, Diversity, Equity, Access, and Leadership, creating a culture where employees are fulfilled and feel good about coming to work every day. A diverse, qualified, and engaged talent base is the key to our success.

Summary

The Sr. Manager, Business Information Security (GRC), will lead the Business Information Security GRC team and report directly to the Deputy CISO. This role is critical in ensuring compliance with industry regulations, security frameworks, internal policies, and evolving legal and contractual obligations related to business systems and processes. Using the ISO 27001 framework, this role will manage governance, risk, and compliance (GRC) functions, foster a culture of security awareness, provide expert guidance, and proactively mitigate security risks within the business context.
Duties and Responsibilities

To perform this job successfully, an individual must be able to perform the following essential duties satisfactorily. Other duties may be assigned to address business needs and changing business practices.
Leadership & Management:

Lead, mentor, and develop the Business Information Security GRC team, fostering a collaborative and high-performing environment.
Set team goals, priorities, and performance metrics aligned with the organization's security strategy.
Conduct performance reviews, provide feedback, and identify training opportunities.
Oversee daily operations, ensuring efficient execution of tasks.
Manage the GRC budget and resources effectively.

Compliance Monitoring & Assessments:

Develop and maintain the organization's Business Information Security GRC program based on ISO 27001.
Monitor and analyze global regulatory, legal, and contractual obligations that impact security posture.
Conduct gap assessments and integrate findings into the risk assessment process.
Oversee IT controls testing, risk assessments, compliance audits, and vulnerability management.
Identify, evaluate, and mitigate security risks related to business processes and applications.
Maintain policies, procedures, and documentation consistent with ISO 27001.
Provide security and compliance reports to the Deputy CISO and stakeholders.
Stay updated on emerging security threats, vulnerabilities, and regulatory changes.

Collaboration & Communication:

Work with internal teams (IT, Legal, Audit, Business Units) to align security and compliance initiatives.
Communicate complex GRC concepts clearly to both technical and non-technical audiences.
Present program updates, risk assessments, and compliance reports to senior management and the board.
Build and maintain strong relationships with external stakeholders, including auditors and regulators.

Strategic Planning:

Contribute to the organization's security strategy, focusing on Business Information Security GRC.
Identify opportunities to enhance the effectiveness and efficiency of the GRC program.
Research and evaluate new GRC tools and technologies.

Qualifications

The following generally describes requirements to successfully perform the assigned duties.
Minimum Qualifications

8+ years of experience in information security, GRC, or a related field.
5+ years of experience in a management or leadership role.
Bachelor's degree in IT, Cybersecurity, Business Information Systems, or a related field.
Strong knowledge of GRC principles, frameworks, and regulations (SOC 1 & 2, SOX, ISO 27001, NIST).
Experience analyzing legal and contractual requirements related to data privacy and security.
Expertise in risk management methodologies, specifically in business information security.
Excellent leadership, communication, and interpersonal skills.
Strong analytical, problem-solving, and decision-making abilities.
Relevant certifications (CISM, CISSP, CIPP, CRISC, ISO 27001 Lead Auditor/Implementer).

Preferred Qualifications

Master's degree in a related field.
Experience with project management platforms.
Expertise in process improvement and system implementations.
Deep understanding of business applications (ERP, CRM, HRIS, supply chain management) and their security implications.
Experience with controls auditing, security, and compliance systems related to business applications.

Work Environment and Physical Requirements

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Lake Oswego, Oregon, with possible travel

Physical Activities and Requirements 

Frequency Key

Not Applicable: Activity is not applicable to this occupation

Occasionally: Occupation requires this activity up to 33% of the time (0-2.5+ hours/day)

Frequently: Occupation requires this activity from 33% - 66% of the time (2.5-5.5+ hours/day)

Constantly: Occupation requires this activity more than 66% of the time (5.5+ hours/day)
Working Postures

Sit: Frequently
Stand: Occasionally
Walk: Occasionally
Bend: Not Applicable
Kneel/Squat: Not Applicable
Crawl: Not Applicable
Climb: Not Applicable
Reach Forward: Occasionally
Reach Upward: Not Applicable
Handling/Fingering: Frequently

Lift / Carry Requirements

5-10 lbs: Not Applicable
10-25 lbs: Not Applicable
25-50 lbs: Not Applicable
50-75 lbs: Not Applicable
75+ lbs: Not Applicable

Push / Pull Requirements

Up to 10 lbs: Not Applicable
10-25 lbs: Not Applicable
25-50 lbs: Not Applicable
50-75 lbs: Not Applicable
75+ lbs: Not Applicable

EOE including Vet/Disability
Click here for more information: Know Your Rights
Greenbrier makes reasonable accommodations in the application and hiring process for individuals with known disabilities, unless providing accommodation would result in an undue hardship. Any applicant believing that he or she may need reasonable accommodation for any part of the application and hiring process should contact Greenbrier Human Resources at careers@gbrx.com or call us at 503-684-7000.

-----------------------------------------------------------------

Email communication from The Greenbrier Companies (Greenbrier) will always come from a corporate email address that ends in @gbrx.com or from our applicant tracking system, iCIMS, after you have created a secure account and submitted your application. During the application process, you will create a secure account in our secure applicant tracking site that ends with “-gbrx.icims.com”. In this portal, we will ask you to provide your contact information, past employment history, education history and other job-related information.