At Tenneco, we don’t follow industry standards; we set them, and we don’t settle for being best-in-class because we hustle to be better than best-in-class. Whether it’s our Core Values – radical candor, simplify, organizational velocity, tenacious execution and win – or our Get Stuff Done (GSD) mindset, we’re determined to become the most trusted partner and best manufacturer and distributor to the transportation industry.

With a product portfolio as expansive as it is innovative, an obsessive commitment to quality and excellence, and a global presence, we’re all about getting stuff done, so we can win.

How do we make it happen? Through the Tenneco Way. Fueled by our Core Values, a winning mindset and a relentless commitment to excellence, the Tenneco Way is how we win. It’s what keeps Team Tenneco bold, driven, and unapologetically focused on pushing past limits and redefining success.

Here, you’ll work alongside a team of relentless problem-solvers who are committed to making a tangible impact. If you’re ready to break boundaries, deliver results, and enjoy the ride along the way, you’ll thrive here.

Want to learn more about who we are? Check out our website to discover the Tenneco Way

ABOUT THE ROLE

We are seeking an IT Risk Management Senior Analyst to help design, implement, and mature our enterprise cybersecurity and technology risk program. This role is ideal for a risk professional who has built risk programs—not just operated them—and who can translate complex technical risks into clear, prioritized, and measurable risk decisions for leaders.

You will lead the development of our risk tolerance and thresholds, establish and manage a central risk register, and build a repeatable risk management lifecycle and supporting processes. You will partner across Cybersecurity, Physical Security, IT, Privacy, and business teams to ensure risks are identified, assessed, tracked, mitigated, and reported with consistency and transparency. This position is based in Northville, Michigan and reports directly to the Senior IT Governance Manager of the company.

KEY RESPONSIBILITIES

Risk Governance

• Define and operationalize risk tolerance and risk thresholds in partnership with leadership and stakeholders.
• Develop and maintain a risk taxonomy, risk scoring methodology, and risk rating guidance to support consistent assessments.
• Create and mature the risk management lifecycle including decision criteria, artifacts, roles, and accountability.

Risk Register Management

• Establish a scalable security/technology risk register.
• Implement workflows for intake, review, approval, and periodic reassessment.
• Ensure risks are measurable, comparable, and traceable through evidence and documentation.

Risk Assessment & Treatment

• Partner closely with the IT Compliance team to document risk treatment plans: mitigation, acceptance, transfer, or avoidance; ensure alignment with risk thresholds.
• Develop and manage the process for risk acceptance and exception handling, including decision criteria, approvals, and expiration/renewal.

Reporting, Metrics & Executive Communication

• Build risk reporting and dashboards that clearly communicate:
• Risk posture against thresholds
• Top risks and trends
• Treatment progress and overdue actions
• Prepare risk summaries for leadership forums

Process Development & Continuous Improvement

• Create and maintain risk management playbooks, templates, standards, and procedures
• Identify opportunities to streamline risk operations through tooling and automation (GRC platforms, workflow automation, integrations).

JOB REQUIREMENTS

• 5–8+ years of experience in cybersecurity risk management, technology risk, GRC, or operational risk.
• Demonstrated experience setting risk tolerance and thresholds and translating them into practical decision rules.
• Proven track record of building and operating a risk register.
• Experience creating or maturing a risk management lifecycle and supporting processes
• Strong understanding of cybersecurity concepts (controls, threats, vulnerabilities, cloud risk, identity, incident risk, third-party risk).
• Excellent written and verbal communication: ability to deliver clear, executive-ready risk narratives and recommendations.
• Experience with GRC tools (e.g., ServiceNow GRC, Archer, OneTrust, LogicGate, MetricStream) or comparable workflow systems.

Skills:

• Excellent communication, organization time management and problem-solving skills
• Exceptional track record of building relationships with stakeholders
• Strong multi-tasking skills with the ability to manage multiple projects
• Ability to function as a Team Player and maintain a good working relationship, yet think and act independently with professionalism, discretion and confidentiality
• Excellent communication, organization time management and problem-solving skills

We don’t want average. We want exceptional. We want someone who’s hungry to build, unafraid to challenge, and bold enough to lead with empathy, speed, and precision. Sound like you? Let us know.

Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities