StandardAero - DFW Airport, TX

posted 5 months ago

Full-time - Mid Level
DFW Airport, TX
Repair and Maintenance

About the position

At StandardAero, we are committed to building a career in aviation that you can be proud of. As a Senior Information Security Governance, Risk & Compliance (GRC) Analyst, you will play a crucial role within the Information Security office, reporting directly to the VP of Information Security. This position is integral to the IT department, where you will lead the day-to-day compliance requirements related to Information Security and Cybersecurity, manage data governance, and oversee information security risk management functions. Your primary responsibilities will include defining, creating, and managing Information Security Policies and Standards, handling exception management, and reporting on Key Risk Indicators (KRI). You will also provide overall support for the Information Security program management. In this role, you will take a senior lead in developing and maintaining a comprehensive Cyber Education and awareness program across the organization. This includes creating awareness communications, developing training courses, and conducting social engineering testing to ensure that all employees are well-informed about cybersecurity practices. Additionally, you will be responsible for conducting third-party information security risk assessments, ensuring that our vendors meet the necessary security standards. Your expertise will be essential in developing IT and organizational policies that align with legal and regulatory compliance needs, as well as general information security practices. You will identify key cybersecurity requirements based on the organization’s business objectives and risk appetite, while also overseeing compliance with established Information Security Policies and Standards. Collaboration with Third-Party Risk Management (TPRM) will be vital to continuously improve the TPRM program, and you will complete vendor assessments and manage reporting for engagements. 
You will work closely with various stakeholders, including operational, technical, and corporate personnel, to foster a culture of technology risk management. This role also involves interfacing with internal and external auditors for compliance initiatives and creating training content for all employees to enhance their understanding of information security. Staying current on industry trends and compliance requirements will be crucial to your success in this position, as will your ability to assist system users with security-related matters.

Responsibilities

  • Develop IT and organizational policies and standards in support of legal and regulatory compliance needs.
  • Identify key cybersecurity requirements based on business objectives and risk appetite.
  • Oversee compliance with Information Security Policies and Standards, including exception management and KRI reporting.
  • Partner with Third-Party Risk Management to improve the TPRM program.
  • Complete vendor assessments for engagements and manage reporting.
  • Identify, prioritize, monitor, and report technology risks and controls.
  • Foster a technology risk management culture and communicate a holistic risk profile to management.
  • Collaborate with the legal department on customer cybersecurity compliance requirements.
  • Interface with internal and external auditors for compliance initiatives.
  • Create information security and cyber awareness communications and training content.
  • Assist with social engineering testing and remedial training for employees.
  • Support overall program management functions, including KRI and metric reporting.
  • Advise internal customers on the applicability and interpretation of standards' requirements.
  • Ensure consistent application of cybersecurity policies and standards across stakeholders.

Requirements

  • Bachelor's degree in a related field and/or minimum 2 years of work-related experience in Information Security or Information Technology.
  • Ability to travel approximately 10%, including potential international travel.

Nice-to-haves

  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or other industry certification.
  • 8+ years of work-related experience in information technology.
  • 5+ years of work-related experience in IT Risk, Compliance, Audit and/or Advisory.
  • Ability to obtain at least one of the following certifications within one year: CISSP, CISA, CRISC or equivalent designation.
  • Familiarity with technology processes, risks, and issues including infrastructure, information security, SDLC, and Enterprise Service Management.

Benefits

  • Comprehensive Healthcare
  • 401(k) with 100% company match; up to 5% vested
  • Paid Time Off starting on day one
  • Bonus opportunities
  • Health- & Dependent Care Flexible Spending Accounts
  • Short- & Long-Term Disability
  • Life & AD&D Insurance
  • Learning & Training opportunities
© 2024 Teal Labs, Inc