Frontier Airlines
Posted 2 months ago
$72,000 - $96,331/Yr
Full-time - Entry Level
Denver, CO
Air Transportation

About the position

The IT Governance, Risk, & Compliance (GRC) Analyst will support the technology risk management program, providing risk oversight to the technology and cybersecurity teams. The IT GRC Analyst will play a key role in the success of the airline by aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected. The IT GRC Analyst will support risk management initiatives to ensure regulatory alignment to PCI, SOX, TSA, and data privacy standards/regulations. The analyst will implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The analyst will have a unique opportunity to partner and engage with departments across the organization, including Cybersecurity, IT, Legal, HR, Internal Audit, Finance, and other business teams.

Responsibilities

  • Make an impact on the organization's security program and services through experience with various cybersecurity concepts including data governance, risk management, metrics, audit, policy, and standards development.
  • Partner with Finance, Accounting, and Internal Audit teams to understand our processes and how technology controls fit into those processes.
  • Collaborate with the IT/Cybersecurity team members, application owners, control owners, and stakeholders to achieve successful results and ensure testability.
  • Act as liaison with internal and external auditors for regulatory audits/assessments, facilitating meetings, walkthroughs, and discussion of remediation activities for identified deficiencies.
  • Support control activity functions related to User Access Reviews, Privileged User Reviews, and Password Parameter reviews.
  • Assist in conducting management audits, producing reports with recommendations for remediation and improvement.
  • Support development and implementation of security policies, procedures, and documented security controls.
  • Maintain a regulatory (PCI/SOX/TSA) control database, inventorying control ownership, control objectives, and testing objectives.
  • Support and drive remediation processes to address issues identified in security assessments, control reviews, audits, and/or other assessments.
  • Support key operations of due diligence, on-going monitoring, and risk exception/waiver management.
  • Support the delivery of risk metrics that measure overall cybersecurity risk exposure, and work with key stakeholders to define target thresholds, and report on results.
  • Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cybersecurity and Data Governance program initiatives.
  • Support the execution of the general data privacy assessment processes (including third-party assessments), internal control reviews, and risk assessments to monitor compliance with IT and cybersecurity policies/standards.
  • Demonstrate and apply knowledge of privacy and data protection regulation and laws to the environment, such as the CCPA, GDPR, CPRA, HIPAA, GLBA, and CDPA.
  • Support development and dissemination of cybersecurity training and awareness for organizational users, administrators, and developers.
  • Assist in the management and maintenance of the enterprise-wide Cybersecurity Awareness Program which includes phishing simulations, computer-based training, proactive communications on latest threats, workshops, bulletins, and newsletters.
  • Support controls required pre-contracting with vendors, contractors, and/or suppliers, as well as post-contract from an ongoing monitoring perspective.
  • Perform assessments on our Third Parties, aimed at reducing organizational risk from a cybersecurity perspective.
  • Support the delivery of relevant and actionable reporting/presentations to stakeholders and executive management.
  • Monitor and review regulatory updates and issues relative to pertinent security regulatory requirements (such as CCPA, TSA, PCI, and SOX) and escalate findings appropriately.
  • Perform other related duties as assigned.

Requirements

  • Bachelor's degree required in Business, Finance, Computer Science, Engineering, IT, or a similar field.
  • 3+ years' experience in a vendor risk management, IT risk management, and/or data privacy role.
  • 2+ years' experience working in a GRC analyst, IT audit, IT compliance, and/or controls assurance role.
  • Ability to develop policies, standards, and procedures in compliance with laws, regulations, and industry best practices in support of organizational cyber activities.

Nice-to-haves

  • Experience with the airline industry is a plus.
  • Hold an active GRC certification, such as CISSP, CISA, CISM, CRISC, CRMA, or GIAC.
  • Big-4 accounting firm experience is a plus.

Benefits

  • Flight benefits for you and your family to fly on Frontier Airlines.
  • Buddy passes for your friends so they can experience what makes us so great.
  • Discounts throughout the travel industry on hotels, car rentals, cruises and vacation packages.
  • Discounts on cell phone plans, movie tickets, restaurants, luggage and over 2,000 other vendors.
  • Enjoy a 'Dress for your Day' business casual environment.
  • Flexible work schedules that support work/life balance.
  • Total Rewards program including a competitive base salary, short term incentives, long-term incentives, paid holidays, 401(k) plan, vacation/sick time and medical/dental/vision insurance that begins the 1st of the month following your hire date.
  • The HOPE League, Frontier Airlines' non-profit organization, is dedicated to providing employees financial assistance during catastrophic hardship.