General Electric Risk and Compliance Controller in Washington, District Of Columbia
At GE Transportation (http://www.getransportation.com/), we move the world. We are a global digital industrial leader and supplier to the rail, mining, marine, stationary power and drilling industries. Our solutions help customers deliver goods and services with greater speed and greater savings using our advanced manufacturing techniques, industry expertise and connected machines. Established more than a century ago, GE Transportation is a division of GE that began as a pioneer in passenger and freight locomotives. That innovative spirit still drives GE Transportation today. It's the engine of change that puts us at the forefront of transportation technology, software, and analytics. And it's why we continue to find, and realize, the potential that keeps our connected world moving forward. The GE Transportation Global Headquarters is located in Chicago, Illinois. There are over 65 service sites worldwide.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer (http://www.ge.com/sites/default/files/15-000845%20EEO%20combined.pdf). Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
The Risk and Compliance Controller is a strategic role that will be instrumental in running the operations of enterprise governance and risk management and will be a key participant in divestiture readiness. This role provides technology vision and leadership to develop the right digital technology strategies that align with horizontal services products, innovate new capabilities and frameworks for our customers and shape the culture of the team.
This leader will have accountability for providing strategic direction in the development, implementation, and maintenance of policies, standards, controls and a risk framework to document and prioritize IT risks to the organization, ensuring that information technology systems and processes are in compliance with applicable information security frameworks and data protection regulations and standards, and are ready for divestiture.
The individual will lead a small team and work with individuals in various departments and at all levels of the company to ensure risks are identified, quantified, understood and reported, so that they can be appropriately addressed and managed. The individual will also monitor developments in the information security industry, including vendor strategies, and communicate their potential impact on or applicability to the organization.
Primary interface with stakeholders - including Technology Engineering & Operations, Legal & Compliance, Operational Risk, Line of Business and Internal/External Audit Regulators during the Audit/Exams
Lead the development and implementation of the system-wide risk management function of the IT department to ensure risks are identified and monitored
Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the company’s information and technology systems associated with the divestiture project, 3rd parties, and enterprise IT
Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance
Define and prioritize governance and risk management plans; formalizes long-term strategy and implementation plans and partners with cybersecurity team for the development of a cohesive strategy
Ensures that assessment functions periodically review key programs related to information protection to obtain independent assessments of the security progress effectiveness
Lead efforts to mature disaster recovery and business continuity functions of business-critical systems and underlying infrastructure
Manage and execute annual DR/BCP testing to ensure critical systems and applications can fail over to secondary data-center
Identify gaps in DR/BCP program and develop a plan to remediate in alignment with key business processes and needs
Manage financial and resourcing constraints; define budgets and targets for individual projects and annual plans for the entire organization
Partner with leadership of technical and functional teams external to the organization to ensure sufficient support and engagement
Manage executive stakeholder communication and progress reporting
Qualifications/Requirements:
Basic Qualifications:
Bachelor's Degree in Information Systems, Information Technology (IT), Computer Science, or Engineering or 4 years of IT technical experience
Minimum 10 years of IT professional experience with increasing leadership and management responsibilities for information systems and information technology
CISSP, CISM, CRISC, SANS GIAC or other relevant certification (or equivalent experience)
Minimum 5 years leading large cross business enterprise initiatives.
Minimum 2+ years of experience in IT Security Risk Management, Gap Assessment, or Controls Maturity Measurement
Eligibility Requirements:
Legal authorization to work in the U.S. is required. GE may agree to sponsor an individual for an employment visa now or in the future if there is a shortage of individuals with particular skills
Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen
Ability and willingness to travel 30% of the time.
Desired Characteristics:
Proven experience of working with executive-level stakeholders to define overall IT security and risk strategy and managing large portfolio of initiatives
5+ years of experience in Technology Governance, Risk Management, and Controls, Cybersecurity or related fields
Subject Matter Expert on Audits, Controls, and Risk management practices, provide consulting/advisory services to stakeholders
Strong ability to optimize performance and manage in resource-constrained environments
Experience in strategic planning and execution, including diligence, acquisition, and integration
Excellent influencing, interpersonal and communications skills (both written and verbal) with all levels of an organization
Strong track record of understanding and interest in current and emerging technologies demonstrated through training, job experience and/or industry activities
Strong team player – collaborates well with others to solve problems and actively incorporates input from various sources
Experience working with others on a global basis
Applies knowledge to coach and mentor others
Demonstrated customer focus – evaluates decisions through the eyes of the customer, builds strong customer relationships, creates processes with customer viewpoint and partners with customers to help shape their future initiatives
Strong analytical and strong problem-solving skills – communicates in a clear and succinct manner and effectively evaluates information/data to make decisions, anticipates obstacles and develops plans to resolve, creates actionable strategies and operational plans
Change oriented – actively generates process improvements, champions and drives change initiatives, confronts difficult circumstances in creative ways, balances multiple and competing priorities and executes accordingly
Locations: United States; Florida, Georgia, Illinois, Pennsylvania, Texas; Chicago, Erie, Fort Worth, Melbourne, Atlanta
GE will only employ those who are legally authorized to work in the United States for this opening.