"Alerted.org

At Trane Technologies TM and through our businesses including Trane ® and Thermo King ® , we create innovative climate solutions for buildings, homes, and transportation that challenge what’s possible for a sustainable world. We're a team that dares to look at the world's challenges and see impactful possibilities. We believe in a better future when we uplift others and enable our people to thrive at work and at home. We boldly go.

What’s in it for you:

Be a part of our mission! As a world leader in creating comfortable, sustainable, and efficient environments, it's our responsibility to put the planet first. For us at Trane Technologies, sustainability is not just how we do business—it is our business. Do you dare to look at the world's challenges and see impactful possibilities? Do you want to contribute to making a better future? If the answer is yes, we invite you to consider joining us in boldly challenging what's possible for a sustainable world.

As part of the Cybersecurity Risk and Compliance team, the Senior Analyst, Cybersecurity Supply Chain Risk Management will play an integral role in identifying, evaluating, and reporting on cybersecurity risks on suppliers and other key third parties in a manner that allows Trane Technologies to manage identified risks and meet regulatory and compliance requirements. This role reports to the Senior Manager, Cybersecurity Risk Management.

Thrive at work and at home:

+ **Benefits** kick in on **DAY ONE** for you _and_ your family, including health insurance and holistic wellness programs that include generous incentives – **WE DARE TO CARE** !

+ **Family building benefits** include fertility coverage and adoption/surrogacy assistance.

+ **401K** **match** up to 6%, plus an additional 2% core contribution = up to **8%** company contribution.

+ **Paid time off,** including in support of **volunteer** and **parental leave** needs.

+ Educational and training opportunities through company programs along with **tuition assistance** and **student debt support** .

+ Learn more about our benefits here (https://careers.tranetechnologies.com/global/en/benefits) !

Where is the work:

From Monday to Thursday, work onsite with your colleagues. On Fridays, choose your work location, balancing what your work requires.

What you will do:

+ Conduct cybersecurity risk assessments of suppliers utilizing Trane Technologies’ supply chain risk management framework, including:

+ Review of inherent risk profiles.

+ Review of detailed security assessments and evidence.

+ Generation of assessment reports focused on key risks and control health.

+ Document and report on identified supplier risks associated with Trane Technologies’ business, products, systems and information assets.

+ Work closely with key stakeholders on identifying adequate risk reduction measures where required, and collaborating with technical SMEs as needed.

+ Coordinate with internal stakeholders such as Sourcing and Legal on assessment results and mitigation strategies.

+ Assist with the review of cybersecurity language included in contracts and agreements with suppliers.

+ Performs ongoing monitoring activities to ensure suppliers maintain appropriate security posture throughout the duration of engagement.

+ Reports on key risk indicators and metrics regarding supplier risk assessments.

+ Serve as a cybersecurity risk liaison to advise other IT and cybersecurity team members.

+ Continuously identify and implement improvements to the supply chain cybersecurity risk management framework in collaboration with the Senior Manager, Cybersecurity Risk Management.

What you will bring:

+ Bachelor’s degree in a related field preferred, and/or a minimum of 5-7 years of equivalent experience in Cybersecurity, IT Audit/Governance/Risk/Compliance, or similar role(s).

+ Solid technical understanding of cybersecurity concepts, standards, guidelines and principles, particularly with regards to cloud providers and Software as A Service (SaaS).

+ Effective project management and organizational skills, including managing multiple, concurrent projects and tasks.

+ Familiarity with multiple regulatory frameworks and controls such as ISO 27001, NIST-CSF and/or 800-53; SSAE 18/SOC2.

+ Strong critical thinking and analytical skills with the ability to apply technical requirements to operational/business controls and requirements.

+ Excellent interpersonal skills and ability to create collaborative relationships with colleagues across various groups and levels, and influence without authority.

+ Demonstrated leadership skills with ability to communicate effectively and work independently, both as part of and leading a team.

+ At least one of the following certifications preferred: CISM, CISSP, CISA, CRISC.z

+ Travel: 5-10%.

Compensation:

Base Salary: $115,000 - $135,000

Additional Compensation: Total compensation for this role also will include an incentive plan.

Disclaimer: This "range" could be a result of seniority, merit, geographic location where the work is performed, education, experience, travel requirements for the job, or because of a system the employer uses to measure earnings by quantity or quality of production (so, for example, positions that may not have traditional salary ranges).

Equal Employment Opportunity:

We offer competitive compensation and comprehensive benefits and programs. We are an equal opportunity employer; all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, age, marital status, disability, status as a protected veteran, or any legally protected status.