Governance, Risk and Compliance Manager
What Timken Makes Possible Begins With You.

Those who came before us helped land a man on the moon, create the world's infrastructure, and introduce renewable energy alternatives. Now you can join the Timken team to write your own unique story and help drive what's next.

A career at Timken means you can have an immediate impact doing Work That Matters to the world: improving the efficiency of today's industrial equipment and preparing for the future of motion on our planet and beyond. New employees can start contributing right away, and there are many opportunities to advance your career at your own pace. Join our global team of 19,000 people in 45 countries, and start helping our customers push the limits of what's possible in their world of motion.

The Governance, Risk and Compliance Manager will be responsible for assessing whether Timken's IT assets are protected in accordance with all policies, controls, industry standards and frameworks. This role supports various business partners and departments in assessing compliance with applicable laws and regulations. The manager will develop, implement, and maintain a comprehensive information compliance program that encompasses all aspects of Timken's Information Security program.
This role will own Timken's information security compliance program for ISO 27001 and CMMC.

Responsibilities

- Own and operate the Information Security Management System (ISMS) aligned to ISO 27001 and lead CMMC certification efforts
- Define, maintain, and report program scope, objectives, success metrics, and a multi-year roadmap for ISO and CMMC compliance
- Establish and run governance forums (e.g., ISMS steering committee, compliance working groups)
- Develop, update, and maintain ISMS documentation: Information Security Policy, Scope, Statement of Applicability (SoA), risk methodology, procedures, and work instructions
- Plan, coordinate, and execute compliance assessments, readiness assessments, and external certification assessments (ISO and CMMC); act as primary point of contact for assessors
- Ensure alignment of security objectives with business goals and legal/regulatory requirements
- Respond to inquiries from Timken customers and support the IT organization with various audits
- Research and apply relevant laws, regulations, and industry standards to the organization's information systems and practices
- Train and educate employees on cybersecurity compliance requirements
- Stay up to date on emerging compliance issues
- Communicate cybersecurity risks and compliance requirements to senior management and business stakeholders
- Lead continuous improvement initiatives, implement lessons learned from audits and incidents, and mature compliance processes and tooling

Technical/Functional Skills

- Experience with a variety of compliance frameworks, such as HIPAA and PCI DSS
- Experience with cybersecurity frameworks, such as the NIST Cybersecurity Framework, ISO 27001, ISO 27002, CMMC and SOC 2
- Proven track record with auditing and reporting
- Experience implementing, operating, and maturing cybersecurity compliance programs against relevant frameworks, standards, and regulations
- Adept at planning, executing, and tracking compliance projects within allocated budgets
- Demonstrated experience with internal audits and working with external certification bodies/assessors
- Excellent stakeholder management and communication skills; able to translate technical requirements for business leaders and vice versa
- Project management skills with the ability to manage multiple concurrent initiatives and remediation efforts

Education

- Bachelor's in Business, Computer Science, Computer Engineering, or a related discipline with a minimum of 8 years' experience required
- Master's in Business, Computer Science, Computer Engineering, or a related discipline with 12 years' experience preferred

This position may require access to United States export controlled technical data ("CTD") and hardware under the US Department of State (ITAR) and/or Department of Commerce (EAR). Eligible candidates are US citizens, Green Card holders, asylees, or others eligible to receive US export license authorizations. Candidates must be authorized to work in the US.

All qualified applicants shall be treated equally according to their individual qualifications, abilities, experiences and other employment standards. There will be no discrimination due to gender or gender identity, race, religion, color, national origin, ancestry, age, disability, sexual orientation, veteran/military status or any other basis protected by applicable law.