Senior Information Security Governance, Risk & Compliance (Grc) Analyst

Build an Aviation Career You're Proud Of

At StandardAero, we use our ingenuity and know-how to find solutions for the simple to the most complex challenges in aviation. Together, we get the job done and done well. Our stability, resources, and respectful culture supports you in building a solid career with a great team you can count on day in and day out for the long term.

As a Senior Information Security Governance, Risk & Compliance (GRC) Analyst you will work as part of the Information Security office under the VP of Information Security, within the IT department at StandardAero. The GRC Sr. Analyst will be responsible for leading the day-to-day Information Security and Cybersecurity compliance requirements, data governance, and information security risk management functions. The role will include primary responsibility for defining, creating, and managing Information Security Policies and Standards including exception management, Key Risk Indicator (KRI) reporting as well as overall Information Security program management support.

The GRC Sr. Analyst will also take a senior lead in the development and maintenance of an organization wide Cyber Education and awareness program to include awareness communications, training course development, and social engineering testing.

At StandardAero, this position is responsible for third-party information security risk assessments.

What you'll do:

• Develop IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices

• Identify key cybersecurity requirements for StandardAero based on understanding the organization business objectives, cybersecurity risk appetite and considering: key threats, regulatory, legal and customer requirements, and technology trends

• This role oversees compliance with Information Security Policies and Standards including exception management, Key Risk Indicator (KRI) reporting as well as overall Program Management support.

• Partners with Third-Party Risk Management (TPRM) to continuously improve the TPRM program as the subject matter experts for Information Security and Cyber Security.

• Completes vendor assessments for engagements, including management reporting.

• Responsible for identifying, prioritizing, monitoring and reporting technology risks and controls including performing risk and controls assessments.

• Works closely with the operational, technical, and corporate function personnel to foster a technology risk management culture, challenge assumptions and to assist in communicating a holistic risk profile of technology risk to management and various stakeholders.

• Collaborate closely with the legal department to provide oversight of customer's cyber security compliance requirements reporting.

• Interfaces between both internal and external auditors for compliance initiatives, including providing requested audit inputs.

• Creates information security and cyber awareness communications and training content for all employees.

• Assists with social engineering testing and remedial training for all employees.

• Supports the overall program management function including KRI and metric reporting, audit, and roadmap reporting for senior management.

• Advise internal customers on applicability and interpretation of the standards' requirements.

• Interact with related stakeholders to ensure consistent application of cybersecurity policies and standards.

• Other duties may be assigned.

• Stay current on security industry trends, relevant federal government and customer specific compliance requirements, and security best practices.

• Provides assistance to system users relative to information systems security matters.

What skills you will require:

• Bachelor's degree in a related field and/or minimum 2 years of work-related experience in Information Security or Information Technology

• Ability to travel 10% approx. International travel may be required.

Preferred Characteristics you will possess:

• Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or other industry certification

• 8+ years of work-related experience in information technology.

• 5+ years of work-related experience in IT Risk, Compliance, Audit and/or Advisory.

• Must have and maintain or be able to obtain within one year of employment at least one of the following certification: CISSP, CISA, CRISC or equivalent designation.

• Familiarity with technology processes, risks and issues including within infrastructure, information security, SDLC and Enterprise Service Management utilizing various IT controls frameworks, NIST Risk Management Framework Special Publication 800-53, NIST 800-171 family of controls.

Competencies:

• Capable of identifying, evaluating and mitigating significant risks within an enterprise

• Strong working experience with Microsoft Office Suite and GRC tools

• Ability to document and explain risks and vulnerabilities to both business and technical stakeholders

• Possess strong influencing, negotiating, and relationship building skill

• Strong oral and written communication skills and the ability to work well with people from many different disciplines with varying degrees of technical experience

• Possess strong analytical skills attention to detail

• Ability to prioritize assignments while working on multiple projects

• Ability to undertake complex projects requiring additional specialized technical knowledge

• Ability to work independently and proactively to meet assigned objectives

Benefits that make life better:

• Comprehensive Healthcare

• 401(k) with 100% company match; up to 5% vested

• Paid Time Off starting on day one

• Bonus opportunities

• Health- & Dependent Care Flexible Spending Accounts

• Short- & Long-Term Disability

• Life & AD&D Insurance

• Learning & Training opportunities

Raising the Standard of Excellence since 1911

With over a century of proven excellence, StandardAero has become an industry leader in MRO services and customized solutions in the aerospace field. Our shared values and learning-based culture inspire our team to exceed their potential and power our customers' missions worldwide. With on-the-job training, advancement opportunities, and excellent benefits, StandardAero invites you to experience a fulfilling and meaningful career with us.

Inclusivity Is Our Standard

StandardAero offers equal employment opportunities for all. Our supportive environment celebrates diversity with no room for harassment or discrimination of any kind. We invite you to bring your authentic self to our team and experience our welcoming culture.