Principal IT Gov Risk & Compliance (Hybrid/Remote) - 90294980 - Washington

Date: Aug 6, 2022

Location: Washington, District of Columbia, US, 20002

Company: Amtrak

Your success is a train ride away!

As we move America’s workforce toward the future, Amtrak connects businesses and communities across the country. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority, and the success of our railroad is due to our employees.


Are you ready to join our team?

Our values of ‘Do the Right Thing, Excel Together and Put Customers First’ are at the heart of what matters most to us, and our Core Capabilities, ‘Building Trust, Accountability, Effective Communication, Customer Focus, and Proactive Safety & Security’ are what every employee needs to know and do to be most impactful at Amtrak. By living the Amtrak values, focusing on our capabilities, and actively embracing and fostering diverse ideas, backgrounds, and perspectives, together we will honor our past and make Amtrak a company of the future.


The Principal Risk & Compliance Specialist is an experienced risk management professional proficient in risk management key controls and standards, supporting, overseeing and monitoring the Company's IT/Cyber control environment and ensuring IT control findings and risk exposures are identified and addressed in a timely manner. The position is responsible for implementing and maintaining an Integrated Risk Management (IRM) system that provides a comprehensive view of IT and OT security risks, controls, and policies based on the NIST Cybersecurity and Risk Management Frameworks. Work plans and measures are instituted to achieve scope and objectives, potential risks are assessed, and adequate key IT controls are confirmed to meet internal policy and compliance standards. This role manages all security (GRC) related controls, metrics and reports, ensuring the controls, their associated metrics, and key risk and performance indicators are reviewed periodically and updated as needed.


  • Manages all security related controls and associated metrics and reports.
  • Manages the IRM (GRC) environment and all associated integrations inside and outside the platform.
  • Reviews, revises, and where appropriate, proposes new policies and procedures to ensure compliance with applicable laws and regulations.
  • Leads IT Governance & Risk team members through development of new or updated IT related controls and processes.
  • Identifies major risk factors which may prevent Amtrak from achieving its strategic, operational, financial reporting and compliance objectives.
  • Assumes risk management or review lead for multiple Amtrak IT audit projects concurrently, ranging from simple to complex.
  • Plans and manages compliance testing initiatives, including audits of internal controls, identifying internal IT controls, assessing design compliance and operational effectiveness, determining risk exposures and developing remediation plans.
  • Creates budget forecasts and participates in the development of IT audit budgets.
  • Tracks and takes appropriate steps to stay within budget.
  • Works with the Director IT Governance, Risk & Compliance and other appropriate leadership to formulate, develop and review audit responses.
  • Generates appropriate communication, process and educational plans for mitigating the disruption of change. Identifies and removes obstacles to change.
  • Effectively performs all IT controls as applicable.



  • Bachelor's Degree in accounting, information systems or computer science with 7+ years relevant experience, or equivalent work experience
  • 11+ years of relevant work experience to satisfy education and experience requirements
  • Experience in the GRC/IRM space with leading, developing and integrating GRC processes.
  • Deep understanding of the ServiceNow platform and IRM ecosystem.
  • Familiarity with risk-based frameworks and the associated analysis and data analytics.
  • Familiarity with industry frameworks (e.g., CIS, COBIT, NIST), best practices and methodologies
  • Must possess strong communication and interpersonal skills, work well with others in an integrated team environment, and be self-motivated
  • Strong written communication skills.



  • Master's Degree
  • Experience working in large, complex companies that rely heavily on real-time 24x7 operations to successfully service external customers
  • Experience in the transportation industry.
  • Certified Information Systems Auditor (CISA)
  • At least 7 years of broad IT audit experience, including executing internal audit or risk management consulting engagements.


  • Must have excellent oral and written communication skills.


Requisition ID: 115125
Posting Location(s): District of Columbia
Job Family/Function: Information Technology
Relocation Offered: No
Travel Requirements: Up to 25%

Amtrak employees power our progress through their performance.

We want your work at Amtrak to be more than a job – we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

All positions require pre-employment background check verification, a pre-employment drug screen and proof of full vaccination against COVID-19. Amtrak is committed to a safe workplace free of drugs and alcohol and performs pre-employment substance abuse testing. Marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Candidates who engage in the usage of marijuana will not be qualified for hire. Successful applicants for employment with Amtrak must be fully vaccinated against COVID-19 by the date of hire as a condition of employment, subject to requests for accommodation. Fully vaccinated means 14 days have elapsed since receiving the second dose of the Pfizer or Moderna vaccine or 14 days since receiving the Johnson & Johnson vaccine.

In accordance with DOT regulations (49 CFR § 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, the individual will not be permitted to perform safety-sensitive functions.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an EOE/Affirmative Action Minority/Female employer, and we welcome all to apply. We consider candidates regardless of race/color, religion, sex (including pregnancy, childbirth and related conditions), national origin/ethnicity, age, disability (intellectual, mental and physical), veteran status, marital status, ancestry, sexual orientation, gender identity and gender expression, genetic information, citizenship or any other personal characteristics protected by law.