Governance Risk and Compliance Manager

What Timken makes possible begins with you.
Those who came before us helped land a man on the moon, create the world's infrastructure, and introduce renewable energy alternatives. Now you can join the Timken team to write your own unique story and help drive what's next.

A career at Timken means you can have an immediate impact doing Work That Matters to the world— improving the efficiency of today's industrial equipment and preparing for the future of motion on our planet and beyond. New employees can start contributing right away, and there are many opportunities to advance your career at your own pace. Join our global team of 19,000 people in 45 countries, and start helping our customers push the limits of what's possible in their world of motion.

The Governance Risk and Compliance Manager will be responsible for assessing if Timken’s IT assets are protected in accordance with all policies, controls, industry standards and frameworks. This role supports various business partners and departments in assessing compliance with applicable laws and regulations. They will work to develop, implement, and maintain a comprehensive information compliance program that encompasses all aspects of Timken’s Information Security program. This role will own Timken’s information security compliance program for ISO 27001 and CMMC. 

Responsibilities

• Own and operate the Information Security Management System (ISMS) aligned to ISO 27001 and lead CMMC certification efforts
• Define, maintain, and report program scope, objectives, success metrics, and multi-year roadmap for ISO and CMMC compliance
• Establish and run governance forums (e.g., ISMS steering committee, compliance working groups)
• Develop, update, and maintain ISMS documentation: Information Security Policy, Scope, Statement of Applicability (SoA), risk methodology, procedures, and work instructions
• Plan, coordinate, and execute compliance assessments, readiness assessments, and external certification assessments (ISO and CMMC); act as primary point of contact for assessors
• Ensure alignment of security objectives with business goals and legal/regulatory requirements
• Respond to inquiries from Timken customers and support the IT organization with various audits
• Research, and apply relevant laws, regulations, and industry standards to the organization's information systems and practices
• Train and educate employees on cybersecurity compliance requirements
• Stay up to date on emerging compliance issues
• Communicate cybersecurity risks and compliance requirements to senior management and business stakeholders
• Lead continuous improvement initiatives, implement lessons learned from audits and incidents, and mature compliance processes and tooling

Technical/Functional Skills

• Experience with a variety of compliance frameworks, such as HIPAA and PCI DSS
• Experience with cybersecurity frameworks, such as the NIST Cybersecurity Framework, ISO 27001, ISO 27002, CMMC and SOC2
• Proven track record with auditing and reporting
• Experience of implementing, operating and maturing cybersecurity compliance with relevant frameworks, standards and regulations
• Adept at planning, executing, and tracking compliance projects within allocated budgets.
• Demonstrated experience with internal audits and working with external certification bodies/assessors
• Excellent stakeholder management and communication skills; able to translate technical requirements to business leaders and vice versa
• Project management skills with ability to manage multiple concurrent initiatives and remediation efforts

Education

• Bachelor's in Business, Computer Science, Computer Engineering, or related discipline with a minimum of 8 years’ experience required
• Master's in Business, Computer Science, Computer Engineering, or related discipline with 12 years’ experience preferred

This position may require access to United States export controlled technical data (“CTD”) and hardware under the Departments of US State (ITAR) and/or Commerce (EAR).  Eligible candidates are; US Citizens, Green Card holders, Asylees or others eligible to receive US export license authorizations. Candidate must be authorized to work in the US.
 

All qualified applicants shall be treated equally according to their individual qualifications, abilities, experiences and other employment standards. There will be no discrimination due to gender or gender identity, race, religion, color, national origin, ancestry, age, disability, sexual orientation, veteran/military status or any other basis protected by applicable law.