Spirit Airlines - Dania Beach, FL

posted 1 day ago

Dania Beach, FL
Air Transportation

About the position

The Sr. IT Security Compliance Analyst will be responsible for day-to-day activities in implementing the information security governance, risk, and compliance program. The individual will assist in maintaining audit and compliance initiatives to ensure policies, standards, procedures, and audit activities are in alignment with business, IT, and regulatory requirements including but not limited to SOX and PCI. Success in the role will be measured by the effectiveness of the implementation and operation of information security governance, risk, and compliance directives.

Responsibilities

  • Identify, collect, organize, and review pertinent evidence such as user access reviews across multiple platforms and applications to determine compliance with relevant regulatory controls.
  • Coordinate the internal and external SOX/PCI audits for IT.
  • Act as a liaison between auditors and IT by coordinating requests for information and responses to any observations.
  • Establish and maintain security & controls, policies, and procedures in accordance with applicable regulations.
  • Research new security compliance requirements and assist in the evaluation of compliance control requirements.
  • Establish and report technology-risk-related metrics.
  • Schedule and lead technical interviews with various stakeholders and leadership.
  • Write detailed findings and remediation plans, and obtain supporting documentation.
  • Ensure compliance with applicable information security standards and policies.
  • Provide IT management with guidance on how to remediate pertinent action items to ensure ongoing compliance.
  • Conduct and evaluate risk assessments for all kinds of assets and entities, including third parties.
  • Effectively manage internal and external audit requests.
  • Ensure timely delivery of completed user access reviews and their respective remediation plans and actions.
  • Ensure asset-related findings are mitigated with appropriate controls.

Requirements

  • Bachelor's degree or equivalent experience (indicate specific field, if required)
  • 10+ years' experience in IT audit, Information Security, and IT domains such as Governance, Risk, and Compliance (GRC), IT operations, incident response, identity and access management, penetration testing, vulnerability testing, e-discovery & forensics, application development, infrastructure, technical support, or business
  • Previous experience in implementing and utilizing a GRC tool.
  • Previous Identity and Access Management experience is a plus.
  • One or more of the following preferred: CISSP, CGRC, CISA, CRISC.
  • Working knowledge of how to apply information security frameworks such as NIST and ISO within an organization.
  • Working knowledge of how to apply risk management frameworks within Information Security and the broader technology environment.
  • Excellent written and verbal communication skills.
  • Strong experience working with productivity tools such as MS Office.
  • Ability to interact confidently with various levels of technical and management positions.
  • Possess a broad knowledge of technology operation group requirements and activities.
  • Must be able to translate theoretical requirements into applicable policies and standards.
  • Critical thinker.
  • Must be able to provide multiple solutions to complex problems - problem solver.