StandardAero - Dallas, TX

posted 19 days ago

Full-time - Mid Level
Dallas, TX
Repair and Maintenance

About the position

The GRC Information Security Analyst at StandardAero plays a crucial role in leading the day-to-day Information Security and Cybersecurity compliance requirements, data governance, and information security risk management functions. This position is responsible for defining, creating, and managing Information Security Policies and Standards, overseeing compliance, and supporting the development of a Cyber Education and awareness program. The analyst will work closely with various stakeholders to ensure a robust risk management culture and compliance with legal and regulatory requirements.

Responsibilities

  • Develop IT and organizational policies and standards for compliance needs and information security practices.
  • Identify key cybersecurity requirements based on business objectives and risk appetite.
  • Oversee compliance with Information Security Policies and Standards, including exception management and KRI reporting.
  • Support the development and maintenance of the risk register and track remediation efforts.
  • Work with leadership to prioritize and remediate risks based on potential impact.
  • Partner with Third-Party Risk Management to improve the TPRM program.
  • Complete vendor assessments and manage reporting.
  • Identify, prioritize, monitor, and report technology risks and controls.
  • Foster a technology risk management culture and assist in communicating risk profiles to management.
  • Collaborate with the legal department on cybersecurity compliance requirements.
  • Interface with internal and external auditors for compliance initiatives.
  • Stay current on security industry trends and compliance requirements.
  • Create information security and cyber awareness communications and training content.
  • Assist with social engineering testing and remedial training for employees.
  • Support overall program management functions including KRI and metric reporting.

Requirements

  • Bachelor's degree in a related field or 4 years of work-related experience in Information Security or IT.
  • Must be authorized to work in the U.S.
  • 2 years of experience in IT Risk, Compliance, Audit, or Advisory.
  • Must obtain at least one of the following certifications within one year: CISSP, CISA, CRISC.

Nice-to-haves

  • Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA).
  • 4+ years of work-related experience in information technology.
  • Familiarity with NIST Risk Management Framework and IT controls frameworks.

Benefits

  • Comprehensive Healthcare
  • 401(k) with 100% company match; up to 5% vested
  • Paid Time Off starting on day one
  • Bonus opportunities
  • Health- & Dependent Care Flexible Spending Accounts
  • Short- & Long-Term Disability
  • Life & AD&D Insurance
  • Learning & Training opportunities