Defense - Information Security GRC Analyst 2 - Wichita, United States - Kansas Action for Children
Description
at Spirit AeroSystems, Inc in Wichita, Kansas, United States
Job Description
Overview
Spirit AeroSystems designs and builds aerostructures for both commercial and defense customers. With headquarters in Wichita, Kansas, Spirit operates sites in the U.S., U.K., France and Malaysia. The company's core products include fuselages, pylons, nacelles and wing components for the world's premier aircraft. Spirit AeroSystems focuses on affordable, innovative composite and aluminum manufacturing solutions to support customers around the globe.
Summary:
As an Information Security GRC (Governance, Risk, Compliance) Analyst, you will work closely with the Global Information Security GRC team, GIS Engineering and Architecture, and Operations teams, Information Technology (IT), corporate shared services and business operations teams to assess, monitor, and report on the organization's adherence to security and compliance standards, policies, and procedures.
You will help ensure that our company maintains the appropriate level of security and compliance as required by our applicable Regulations, Customer contracts and adopted standards to ensure Spirit is safeguarding sensitive information to protect Spirit, our Customers, Suppliers, and stakeholders.
Responsibilities
Key Accountabilities:
Executing the GIS GRC Program consistent with complex business requirements
This role is a more tactical role wherein you may be asked to:
Assist with routine GRC program support tasks
Document, Maintain and deploy policies and procedures related to the protection of assets including systems, networks, people, information, and property and monitor compliance
Document, conduct and participate in Compliance Assessments
Support development and implement a Requirements Management System within our GRC platform
Support and provide defined Awareness and Training to end users
Support senior staff with efforts engaged in business operations to develop and implement policy, procedures and generally influence the adoption of a culture of Security throughout the business globally
Support maturing the GIS-GRC implementation, processes and tools
Participate in Strategic planning and execution for GRC Programs and deliverables
Develop KPIs, then generate and maintain information security metrics, evaluate effectiveness, and provide reporting on adopted metrics
Track and understand the security posture, logic, and reason for controls
Work closely with control owners in IT, business operations and physical security as well as internal and external auditors to ensure requests are completed accurately and timely
Develop and implement an information security framework, aligned with NIST SP 800-53R5.
Lead/Manage the various types of Risk Assessments across the GRC platform
Facilitate the identification and remediation of control gaps and escalate critical issues to your leadership
Translate complex information security concepts into business-relevant terms to facilitate effective decision making by non-technical personnel
Lead the development of policies and procedures
Identify, analyze, evaluate, and document information security risks and controls based on established risk criteria
Conduct security risk assessments of planned and installed information systems to identify vulnerabilities and risks
Recommend controls to mitigate security risks identified via risk assessment process
Communicate risk findings and recommendations that are clear and actionable by business stakeholders
Prepare for and facilitate examinations by qualified security assessors for regulations
Conduct routine compliance audits, ensuring that the organization complies with relevant regulatory requirements, industry standards, and internal policies
Prepare compliance reports, track key performance indicators (KPIs), and provide regular updates to management and stakeholders on the state of compliance within the organization
Stay current with changing regulations and industry standards related to information security and compliance, ensuring the organization's continuous adherence
Perform required Information Security Audits/Assessments (Internal / External / 3rd Party) based on Regulations, Contracts, Standards and Policy
Perform third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle
Assess and report on the risks and benefits for the business as well as mandates for supplier compliance
Qualifications
Requirements:
2+ years of related cybersecurity, compliance, and/or risk management experience
Preferred... For full info follow application link.
Spirit AeroSystems is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, marital or civil partnership status, pregnancy, age, disability, veteran status or any other protected factor under federal, state or local law.