At Greenbrier, we do the hard work that matters. The Greenbrier Companies (NYSE:GBX) is powering the movement of products around the world as a leading designer, manufacturer and supplier of freight rail transportation equipment and services.
Greenbrier’s heritage of hard work and industrial innovation is celebrated at every level of our organization. We structure our business to support teams that deliver innovative solutions for our customers while positively impacting the world around us.
Greenbrier’s success begins with people. We believe in supporting our global workforce through our unwavering attention to Safety, Quality, Respect for People and Customer Satisfaction. Our IDEAL commitment is rooted in these values, which promotes Inclusion, Diversity, Equity, Access, and Leadership, creating a culture where employees are fulfilled and feel good about coming to work every day. A diverse, qualified, and engaged talent base is the key to our success.
Summary
The Deputy CISO will be reporting to the VP, CISO & Enterprise Reliability Engineering, they will play a critical role in shaping and implementing our IT and OT cybersecurity strategy. This is a hands-on leadership position that requires a strong understanding of cybersecurity frameworks, risk management principles, and a passion for building a robust security culture.
Duties And Responsibilities
To perform this job successfully, an individual must be able to perform the following essential duties satisfactorily. Other duties may be assigned to address business needs and changing business practices.
Governance, Risk & Compliance
- Oversee compliance with IT SOX, SOC 2, and ISO 27001 frameworks.
- Lead annual NIST CSF maturity assessments and drive continuous improvement initiatives.
- Develop and maintain security policies, standards, and procedures.
- Conduct risk assessments and identify vulnerabilities across IT and OT environments.
- Collaborate with internal and external audit teams.
Cyber Incident Response
- Serve as the Cyber Incident Commander, leveraging Expel.io MDR and internal resources.
- Develop and maintain incident response plans and playbooks.
- Lead incident response activities, including investigation, containment, eradication, and recovery.
- Conduct post-incident analysis and identify areas for improvement.
Vulnerability Management
- Oversee the IT vulnerability management program, including vulnerability scanning, assessment, and remediation.
- Develop and implement an OT cybersecurity program to address the unique security challenges of industrial control systems.
Security Awareness & Training
- Stay abreast of the changing threat landscape and threat intelligence.
- Analyze security tool data and employee behavior patterns to develop targeted security awareness programs.
- Deliver engaging and effective security awareness training to employees, contractors, and third parties.
- Focus on correcting user behavior, enforcing security policies, and promoting a security-first culture.
Risk Management Committee
- Co-chair the global IT and cyber risk management committee with the VP, CISO & Enterprise Reliability Engineering.
- Facilitate risk identification, assessment, and mitigation strategies.
- Report on key security metrics and risk posture to senior leadership.
Leadership & Collaboration
- Provide leadership and mentorship to security team members.
- Collaborate effectively with IT, OT, and business stakeholders to ensure alignment on security initiatives.
- Build strong relationships with external partners, including vendors and law enforcement.
Qualifications
The following generally describes requirements to successfully perform the assigned duties.
Minimum Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, or a related field.
- 10+ years of experience in cybersecurity, with at least 5 years in a leadership role.
- Strong understanding of cybersecurity frameworks (NIST CSF, ISO 27001, SOC 2, IT SOX).
- Experience with incident response, vulnerability management, and security awareness training.
- Knowledge of industrial control systems (ICS) and OT cybersecurity best practices.
- Excellent communication, interpersonal, and presentation skills.
- Strong analytical and problem-solving abilities.
- Proven ability to lead and motivate teams.
- Self-starter with a strong work ethic and a passion for cybersecurity.
- Effective and efficient communicator, capable of conveying complex technical information to diverse audiences.
- Leader dedicated to empowering and developing team members.
- Strong commitment to continuous learning and professional development.
Preferred Qualifications
- CISSP, CISM, or other relevant security certifications are highly desirable.
Work Environment And Physical Requirements
Work Environment
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- This is a job in an office environment.
Physical Activities And Requirements
Frequency Key
Not Applicable: Activity is not applicable to this occupation
Occasionally: Occupation requires this activity up to 33% of the time (0- 2.5+ hours/day)
Frequently: Occupation requires this activity from 33% - 66% of the time (2.5- 5.5+ hours/day)
Constantly: Occupation requires this activity more than 66% of the time (5.5+ hours/day)
Working Postures
- Sit: Frequently
- Stand: Occasionally
- Walk: Occasionally
- Bend: Not Applicable
- Kneel/Squat: Not Applicable
- Crawl: Not Applicable
- Climb: Not Applicable
- Reach Forward: Occasionally
- Reach Upward: Not Applicable
- Handling/Fingering: Frequently
Lift / Carry Requirements
- 5-10 lbs: Occasionally
- 10-25 lbs: Not Applicable
- 25-50 lbs: Not Applicable
- 50-75 lbs: Not Applicable
- 75+ lbs: Not Applicable
Push / Pull Requirements
- Up to 10 lbs: Occasionally
- 10-25 lbs: Not Applicable
- 25-50 lbs: Not Applicable
- 50-75 lbs: Not Applicable
- 75+ lbs: Not Applicable
EOE including Vet/Disability
Click here for more information: Know Your Rights
Greenbrier makes reasonable accommodations in the application and hiring process for individuals with known disabilities, unless providing accommodation would result in an undue hardship. Any applicant believing that he or she may need reasonable accommodation for any part of the application and hiring process should contact Greenbrier Human Resources at careers@gbrx.com or call us at 503-684-7000.
Email communication from The Greenbrier Companies (Greenbrier) will always come from a corporate email address that ends in @gbrx.com or from our applicant tracking system, iCIMS, after you have created a secure account and submitted your application. During the application process, you will create a secure account in our secure applicant tracking site that ends with “-gbrx.icims.com”. In this portal, we will ask you to provide your contact information, past employment history, education history and other job-related information.