Job Information
Trane Technologies Sr Analyst, Cybersecurity Supply Chain in Davidson, North Carolina
Be a part of our mission! As a world leader in creating comfortable, sustainable, and efficient climate solutions for buildings, homes and transportation, it's our responsibility to put the planet first. For us at Trane Technologies (https://www.tranetechnologies.com/) , and through our businesses including Trane® (http://www.trane.com/index.html) and Thermo King (http://www.thermoking.com/na/en.html) , sustainability is not just how we do business—it is our business. Do you dare to look at the world's challenges and see impactful possibilities? Do you want to contribute to making a better future? If the answer is yes, we invite you to consider joining us in boldly challenging what's possible for a sustainable world.
Learn about our benefits (http://careers.tranetechnologies.com/global/en/benefits) designed for you to Thrive at work and at home.
We boldly go.
Where is the work:
Monday to Thursday, work onsite with your colleagues. Fridays, choose your work location, balancing what your work requires.
What’s in it for you:
Be a part of our mission! As a world leader in creating comfortable, sustainable, and efficient environments, it's our responsibility to put the planet first. For us at Trane Technologies, sustainability is not just how we do business—it is our business. Do you dare to look at the world's challenges and see impactful possibilities? Do you want to contribute to making a better future? If the answer is yes, we invite you to consider joining us in boldly challenging what's possible for a sustainable world.
As part of the Cybersecurity Risk and Compliance team, the Senior Analyst, Cybersecurity Supply Chain Risk Management will play an integral role in identifying, evaluating, and reporting on cybersecurity risks on suppliers and other key third parties in a manner that allows Trane Technologies to manage identified risks and meet regulatory and compliance requirements. This role reports to the Senior Manager, Cybersecurity Risk Management.
What you will do:
Conduct cybersecurity risk assessments of suppliers utilizing Trane Technologies’ supply chain risk management framework, including:
Review of inherent risk profiles.
Review of detailed security assessments and evidence.
Generation of assessment reports focused on key risks and control health.
Document and report on identified supplier risks associated with Trane Technologies’ business, products, systems and information assets.
Work closely with key stakeholders on identifying adequate risk reduction measures where required, and collaborating with technical SMEs as needed.
Coordinate with internal stakeholders such as Sourcing and Legal on assessment results and mitigation strategies.
Assist with the review of cybersecurity language included in contracts and agreements with suppliers.
Performs ongoing monitoring activities to ensure suppliers maintain appropriate security posture throughout the duration of engagement.
Reports on key risk indicators and metrics regarding supplier risk assessments.
Serve as a cybersecurity risk liaison to advise other IT and cybersecurity team members.
Continuously identify and implement improvements to the supply chain cybersecurity risk management framework in collaboration with the Senior Manager, Cybersecurity Risk Management.
What you will bring:
Bachelor’s degree in a related field preferred, and/or a minimum of 5-7 years of equivalent experience in Cybersecurity, IT Audit/Governance/Risk/Compliance, or similar role(s).
Solid technical understanding of cybersecurity concepts, standards, guidelines and principles, particularly with regards to cloud providers and Software as A Service (SaaS).
Effective project management and organizational skills, including managing multiple, concurrent projects and tasks.
Familiarity with multiple regulatory frameworks and controls such as ISO 27001, NIST-CSF and/or 800-53; SSAE 18/SOC2.
Strong critical thinking and analytical skills with the ability to apply technical requirements to operational/business controls and requirements.
Excellent interpersonal skills and ability to create collaborative relationships with colleagues across various groups and levels, and influence without authority.
Demonstrated leadership skills with ability to communicate effectively and work independently, both as part of and leading a team.
At least one of the following certifications preferred: CISM, CISSP, CISA, CRISC.z
Travel: 5-10%.
Annual Base Salary Range or Hourly Base Pay Range:
$90,900.00 - $130,059.99
Compensation Type:
Salary
Incentive Eligible:
Yes
Sales Commisison Eligible:
No
Disclaimer : We strive to provide competitive compensation for this position, tailored to a variety of factors. The actual compensation will depend on elements such as seniority, merit, geographic location, education, experience, travel requirements, and union designation. Our compensation range is generally based on the national average for the country. Additionally, benefits may vary depending on the region, business alignment, union involvement, and employee status.
Safety Sensitive Role:
No
The company designates certain roles as Safety Sensitive. Safety Sensitive roles may require that you pass additional drug screening.
We offer competitive compensation and comprehensive benefits and programs. We are an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status.