Role Summary:The Staff Risk Analyst-Cyber Security will be responsible for leading, designing, developing and, implementing and automating solutions to enhance the information security assessment and threat management program to address the current and evolving security risks facing GE Power. This role requires developed and strong foundational skills and knowledge of relevant technologies in the development, automation for the Risk & Compliance space.
You will be a member of an integrated team working to deliver successful outcomes around automation, risk & compliance and data analytics. This role will report to the GE Power Director - Cyber Security.
In this role, you will:
Define and execute Cybersecurity & Technology risk management programs for GE Power.
Identify simplification and automation opportunities that support the GE Power Risk Assessment program providing end-to-end execution of business risk assessments focusing on identification and mitigation of risks in legacy business, joint ventures, supplier collaboration, and engineering lab environments.
Responsible for GE Digital Risk & Compliance data analytics and operational performance dashboards
Provide regular program updates to upper Management and Business Application Owners
Establish and maintain relationships with stakeholders including regional CIOs, and global IT security and compliance leaders to identify risk and mitigation strategies in the support of several of the following areas
Joint Ventures; Acquisitions; Divestitures; Supplier Assessments; Security Questionnaires, either Customer or Contract related.
Shares knowledge of best practices and policies for information security with colleagues.
Demonstrates the commitment to customer service by providing responsive and effective support, developing solid working relationships with colleagues, and delivering high quality, value-added services that exceed expectations.
Performs other duties as assigned by appropriate personnel
Bachelor's Degree in Computer Science or in "STEM" Majors (Science, Technology, Engineering and Math) or Information Technology
A minimum of 6 years of professional experience
Legal authorization to work in the U.S. is required for US locations.
Must be willing to travel 10% of the time
Must be willing to work out of a GE Power office.
Desired Characteristics:3+ years performing IT audits, security audits, risk assessments, vulnerability, and/or penetration testing engagements
CISA, CISSP, CISM, or other relevant certifications (or relevant proven work experience)
Strong oral and written communication skills able to communicate appropriately to technical and management audience in a clear and succinct manner and effectively evaluates information / data to make decisions
Risk analysis background and familiar with cyber threat identification and mitigation.
Strong in-depth technical knowledge in security engineering, computer and network security, strong authentication and security protocols
Collaborates well with others to solve problems and actively incorporates input from various sources
Experience developing and executing project plans
Hold a CISA, CISSP, CISM, or other relevant certification OR possess a minimum of 2 years of experience in IT audit/risk/security or IT project management.
Familiar with industry regulations (SOX, GDPR, Export Control)
Knowledge and experience preparing IT controls-related audit documentation and validating to the UK SPF (DEFCON 658, DEFSTAN 05-138), PCI, COBIT, NIST, ITIL and ISO frameworks
Have exposure to network security solutions, i.e. IDS, IPS, Qualys, DLP, Firewalls etc.
Familiar with Splunk, SiSense and ServiceNow a plus.
Knowledge of or experience in Agile methodology and concepts
Green Belt Certified or equivalent Quality Training (GE Employees ONLY)
Experience in the Information Management (IM) Compliance or Security Fields
Strong leadership, influencing and team building skills
Ability to develop and maintain effective client relationships
Comfortable and effective working in areas that require rapid problem solving continuous learner
About Us:GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.Additional Locations:United States;Georgia, Louisiana, Michigan, New York, North Carolina;Atlanta, Schenectady, Greenville, New Orleans, Detroit;