IT Manager Security Control & Compliance

JOIN THE TEAM THATS POWERING PROGRESS

Building cities. Driving commerce. Fueling Progress. For over 100 years Allison has powered the vehicles and technology that move our world forward.

What powers us Our employees. From the first person hired by James Allison in 1915 to the thousands across the globe who work for Allison today were driving progress everywhere because we employ top talent both the Allison Transmission and Allison Off-Highway Drive and Motion Systems business units our team strives to Improve the Way the World Works.

Learn more about this role and how you can begindriving your career forward!

Benefits:

The below list features some of the benefits currently available. Eligibility may be subject to the terms and conditions of governing documents and available benefits may be subject to change at the companys discretion.

• Choice of medical plans with prescription coverage

• Employer HSA contribution

• Dental & Vision Insurance

• Paid Parental Leave

• Short & Long-Term Disability

• Other voluntary benefits including: Critical Illness Hospital Indemnity Identity Theft Protection and Pet Insurance

• 401K with generous Company match & contribution

• Accrued Paid Time Off

• 12 Paid Holidays 1 Floating Holiday

• Robust employee wellness program

• Tuition assistance program

Job Description:

Position Overview

The Manager of Governance Risk & Compliance (GRC) will lead Allison Transmissions enterprise GRC function within the IT Security organization. This role is responsible for developing implementing and overseeing governance frameworks risk management practices and compliance programs that safeguard the organizations information assets while enabling business objectives. The successful candidate will collaborate across business units external partners and regulators to ensure alignment with internal policies contractual requirements and global standards.

Key Responsibilities

• Governance: Oversee the management and operations of the GRC program ensuring processes are efficient scalable and auditable.

• Liaison: Serve as the primary liaison for business engagement on security governance topics and drive external collaboration with auditors and regulators.

• Risk Management: Define and manage the organizations risk appetite in alignment with executive leadership while conducting enterprise risk assessments. Framework Alignment: Manage and coordinate internal and external audits for CMMC NIS2 TISAX SOX NIST and ISO frameworks ensuring full remediation of findings.

• Policy & Personnel: Lead the development and maintenance of security policies and oversee personnel security programs including access certifications and role-based controls.

• Training & Culture: Design and deliver security training programs for all end users and specialized IT functions to promote a strong culture of security awareness.

• Cross-Functional Leadership: Partner with Finance Legal and Engineering business lines to translate technical risks into actionable business impacts.

• Promote a strong culture of security awareness across the organization.

Key Performance Measures:

• Audit Readiness: 100% compliance with scheduled external audits (CMMC SOX TISAX ISO) with zero Critical findings.

• Risk Mitigation: Reduction in the organizations residual risk profile through timely mitigation of identified vulnerabilities.

• Training Completion: Achievement of >95% completion rate for annual security and role-based training programs.

• Framework Maturity: Measurable year-over-year improvement in the maturity levels of the CMMC and NIS2 programs.

Qualifications:

• Strong understanding of IT governance risk management and compliance frameworks.

• Expertise in policy development risk assessments and audit management.

• Demonstrated ability to partner with business leaders and translate technical risks into business impacts.

• Strong communication collaboration and leadership skills.

• Familiarity with the following regulatory and industry standards/frameworks:

o CMMC (Cybersecurity Maturity Model Certification)

o NIST SP 800-171

o NIS2 Directive

o ISO/IEC 27001

Experience:

Years of Experience: Minimum of 710 years of progressive experience in IT Security Governance Risk or Compliance.

Leadership: Proven track record of leading teams and managing complex multi-year security initiatives.

Framework Expertise: Deep expertise in CMMC NIST SP 800-171 NIS2 Directive ISO/IEC 27001 TISAX and SOX.

Communication: Exceptional communication and collaboration skills with the ability to influence stakeholders across different business lines.

Strategic Alignment: Demonstrated ability to partner with business leaders and translate technical risks into business impacts.

Scope Factors:

People: Directly manages the GRC team and oversees indirect reports/contractors during audit cycles.

Geography: Responsible for global compliance across US Headquarters and international sites (e.g. ensuring NIS2 and TISAX compliance in relevant regions).

Allison Transmission is an equal opportunity employer. We have opportunities for all qualified applicants regardless of age race color sex religion creed national origin disability sexual orientation gender identity/expression or veteran status.

If you are an individual with a disability or a disabled veteran requiring assistance and/or reasonable accommodations reviewing any of the careers information please contact us at .

Please note that Allison Transmission will make an offer of employment only to individuals who have applied for a position using our official application. Be on alert for possible fraudulent offers of employment. Allison Transmission will not solicit money or banking information from applicants.