Open to anywhere in the US and remote work option
Do you want to help save the planet? Do you want to directly contribute to an organization committed to reduce its customer carbon footprint by 1 Gigaton of Carbon Dioxide? As a world leader in creating comfortable, sustainable and efficient environments, it’s our responsibility to put the planet first. For us at Trane Technologies, sustainability is not just how we do business—it is our business. Sustainability is at the center of our strategy and influences how we make every decision.
Our Thermo King business is connecting our transport HVAC and refrigeration products and providing digital solutions to help our customers efficiently protect drivers, passengers, and cargo. Using our connected solutions, our customers reduce fuel consumption, carbon emissions, and downtime while increasing the comfort and safety of passengers and shelf life of cargo, including essential cargo like food and pharmaceuticals.
We are hiring an experienced Sr. Security and Compliance Lead, who will be responsible for ensuring that Thermo King’s connected products are secure, compliant with internal policies and external regulations, and provide capabilities that facilitate customer regulatory compliance. Security responsibilities include proactive security measures during development of new products and features, as well as ongoing security assessment and assurance for existing solutions. Compliance responsibilities include implementation and assessment of internal controls, support for internal and external audits, and definition, execution, and assessment of solutions to ensure compliance with external regulations. In addition, the Security and Compliance leader will monitor regulatory trends and identify solutions that ease customer compliance with applicable regulations, including food safety regulations like FSMA and environmental regulations like those issued by CARB.
- Learn and adapt to our security strategies, security goals, security objectives and security capabilities to provide a mature and effective vulnerability management methodology
- Provide strategies on vulnerability, configuration, and cloud security scanning
- Advice on policy creation based on industry benchmarks and security practices
- Provide technical authority, vision, and guidance to ensure the continued evolution of Thermo King Connected Solutions security vulnerability program
- Monitor endpoint security trends and emerging security threats and recommend changes to policy, procedures and tools
- Establish strong working relationships with different parts of the business to provide guidance on remediation of findings
- Drive operational efficiency and effectiveness for areas of responsibility, ensuring strong documentation, knowledge overlaps, and metrics-driven action, with an emphasis on automation and scalable solutions
- Work cross-functionally with product management and distributed systems engineering teams to complete large scale projects with impact across the company
- Adapt to change quickly and eagerly: changing requirements, changing priorities, changing strategies
- Advocate security and secure practices throughout Thermo King
- Utilize dynamic and static analysis software tools (DAST/SAST) to identify vulnerabilities and configuration issues
- Design, implement, administer, and test firewalls, software, and/or hardware.
- Consult with development teams to implement best practices
- Perform analysis of access control and violations.
- Perform audits to ensure compliance with internal security standards and regulatory requirements.
- Prepare detailed written analyses of findings and recommend remediation/prevention solutions.
- Review, monitor, and understand internal controls policies and procedures and apply them to the procedures used for development and operation of Thermo King’s connected solutions
- Review, monitor, and understand external regulations, ensuring compliance by Thermo King’s connected solutions, including data privacy and protection of Thermo King’s intellectual property and the intellectual property of others
- Monitor external regulations affecting Thermo King’s customers, including food safety regulations like FSMA and environmental regulations like those issued by CARB, and recommend solution capabilities to ease compliance by our customers
- 10+ years’ experience in cyber security with proven application security experience
- 2+ years of public cloud experience
- Bachelor’s degree in management of information systems, computer science, engineering or relevant field
- Knowledge and understanding of Vulnerability Management and Security Testing lifecycles, processes, and procedures
- Experience with Cloud Security and deploying enterprise-wide controls in AWS preferred
- Experience troubleshooting issues and providing customer support
- Ability to translate strategic or operational goals to technical and tactical requirements and architectures
- Fundamental understanding of accepted security practices, known attack vectors, and vulnerability assessment methodologies
- Strong understanding of Information Security principles and technologies
- Experience with networks, firewalls, endpoint protection, log management, and patch management preferred
- Familiarity with industry blogs, key publications in the field of security, and awareness of any recent significant security events
- Security certification such as SANS/ GIAC, or Certified Information Systems Security Professional (CISSP), or equivalent
- Knowledgeable in performing programming and scripting tasks.
- Experience with DAST/SAST methodologies and tools
- Experience with architecture and design of modern applications and web services
- Knowledge and understanding of one or more: Checkmarx, Veracode, Fortify, BurpSuite Pro, AppScan, HTML, XML, Java, JSP, Web Development
- Familiarity with regulations in North America related to data privacy, food safety, environmental protection, and intellectual property]
If interested, please apply at Sr. Security and Compliance Lead (indeed.com)