Standard Aero
GRC Information Security Analyst
Standard Aero, Dallas, Texas, United States, 75215
Build an Aviation Career You're Proud Of
At StandardAero, we use our ingenuity and know-how to find solutions for the simple to the most complex challenges in aviation. Together, we get the job done and done well. Our stability, resources, and respectful culture support you in building a solid career with a great team you can count on day in and day out for the long term.
Working as part of the Information Security office under the CISO, within the IT department at StandardAero, the GRC Analyst will be responsible for leading the day-to-day Information Security and Cybersecurity compliance requirements, data governance, and information security risk management functions. The role will include primary responsibility for defining, creating, and managing Information Security Policies and Standards including exception management, Key Risk Indicator (KRI) reporting as well as overall Information Security program management support.
The GRC Analyst will also support the development and maintenance of an organization-wide Cyber Education and awareness program to include awareness communications, training course development, and social engineering testing.
Responsibilities include:
- Develop IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.
- Identify key cybersecurity requirements for StandardAero based on an understanding of the organization's business objectives and cybersecurity risk appetite, considering key threats; regulatory, legal and customer requirements; and technology trends.
- Oversee compliance with Information Security Policies and Standards, including exception management, Key Risk Indicator (KRI) reporting, and overall Program Management support.
- Support the development and maintenance of the risk register, tracking identified risks and remediation efforts.
- Work with leadership to prioritize and remediate risks based on potential impact.
- Partner with Third-Party Risk Management (TPRM) to continuously improve the TPRM program as the subject matter expert for Information Security and Cyber Security.
- Complete vendor assessments for engagements, including management reporting.
- Identify, prioritize, monitor and report technology risks and controls, including performing risk and controls assessments.
- Work closely with operational, technical, and corporate function personnel to foster a technology risk management culture, challenge assumptions, and assist in communicating a holistic risk profile of technology risk to management and various stakeholders.
- Collaborate closely with the legal department to provide oversight of reporting on customers' cyber security compliance requirements.
- Interface between internal and external auditors for compliance initiatives, including providing requested audit inputs.
- Stay current on security industry trends, relevant federal government and customer-specific compliance requirements, and security best practices.
- Provide assistance to system users on information systems security matters.
- Create information security and cyber awareness communications and training content for all employees.
- Assist with social engineering testing and remedial training for all employees.
- Support the overall program management function, including KRI and metric reporting, audit, and roadmap reporting for senior management.
- Advise internal customers on the applicability and interpretation of the standards' requirements.
- Interact with related stakeholders to ensure consistent application of cybersecurity policies and standards.
- Other duties may be assigned.
Requirements
- Must be authorized to work in the U.S.
- Bachelor's degree in a related field and/or four (4) years of work-related experience in Information Security or Information Technology.
- Travel as required (up to 10%).
Preferences
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or other industry certification.
- 4+ years of work-related experience in information technology.
- 4+ years of work-related experience in IT Risk, Compliance, Audit and/or Advisory.
- Must have and maintain, or be able to obtain within one year of employment, at least one of the following certifications: CISSP, CISA, CRISC or an equivalent designation.
- Familiarity with technology processes, risks and issues, including within infrastructure, information security, SDLC and Enterprise Service Management, utilizing various IT controls frameworks such as the NIST Risk Management Framework, NIST Special Publication 800-53, and the NIST SP 800-171 family of controls.
Benefits that make life better:
- Comprehensive Healthcare
- 401(k) with 100% company match; up to 5% vested
- Paid Time Off starting on day one
- Bonus opportunities
- Health & Dependent Care Flexible Spending Accounts
- Short- & Long-Term Disability
- Life & AD&D Insurance
- Learning & Training opportunities
Raising the Standard of Excellence since 1911
With over a century of proven excellence, StandardAero has become an industry leader in MRO services and customized solutions in the aerospace field. Our shared values and learning-based culture inspire our team to exceed their potential and power our customers' missions worldwide. With on-the-job training, advancement opportunities, and excellent benefits, StandardAero invites you to experience a fulfilling and meaningful career with us.
Inclusivity Is Our Standard
StandardAero offers equal employment opportunities for all. Our supportive environment celebrates diversity with no room for harassment or discrimination of any kind. We invite you to bring your authentic self to our team and experience our welcoming culture.