Defense - Information Security GRC Analyst 2 - Wichita, United States - Kansas Action for Children

    at Spirit AeroSystems, Inc in Wichita, Kansas, United States
    Job Description

    Overview
    Spirit AeroSystems designs and builds aerostructures for both commercial and defense customers. With headquarters in Wichita, Kansas, Spirit operates sites in the U.S., U.K., France and Malaysia. The company's core products include fuselages, pylons, nacelles and wing components for the world's premier aircraft. Spirit AeroSystems focuses on affordable, innovative composite and aluminum manufacturing solutions to support customers around the globe.

    Summary:

    As an Information Security GRC (Governance, Risk, Compliance) Analyst, you will work closely with the Global Information Security (GIS) GRC team; the GIS Engineering, Architecture and Operations teams; Information Technology (IT); corporate shared services; and business operations teams to assess, monitor, and report on the organization's adherence to security and compliance standards, policies, and procedures.

    You will help ensure that the company maintains the level of security and compliance required by applicable regulations, customer contracts and adopted standards, so that Spirit safeguards sensitive information and protects Spirit, our customers, suppliers, and stakeholders.

    Responsibilities

    Key Accountabilities:
    Executing the GIS GRC Program consistent with complex business requirements
    This role is a more tactical role wherein you may be asked to:
    Assist with routine GRC program support tasks
    Document, Maintain and deploy policies and procedures related to the protection of assets including systems, networks, people, information, and property and monitor compliance
    Document, conduct and participate in Compliance Assessments
    Support development and implement a Requirements Management System within our GRC platform
    Support and provide defined Awareness and Training to end users
    Support senior staff with efforts engaged in business operations to develop and implement policy, procedures and generally influence the adoption of a culture of Security throughout the business globally
    Support maturing the GIS-GRC implementation, processes and tools
    Participate in Strategic planning and execution for GRC Programs and deliverables
    Develop KPIs, then generate and maintain information security metrics, evaluate their effectiveness, and report on the adopted metrics
    Track and understand the security posture, logic, and reason for controls
    Work closely with control owners in IT, business operations and physical security as well as internal and external auditors to ensure requests are completed accurately and timely
    Develop and implement an information security framework, aligned with NIST SP 800-53R5.
    Lead/Manage the various types of Risk Assessments across the GRC platform
    Facilitate the identification and remediation of control gaps and escalate critical issues to your leadership
    Translate complex information security concepts into business-relevant terms to facilitate effective decision making by non-technical personnel
    Lead the development of policies and procedures
    Identify, analyze, evaluate, and document information security risks and controls based on established risk criteria
    Conduct security risk assessments of planned and installed information systems to identify vulnerabilities and risks
    Recommend controls to mitigate security risks identified via risk assessment process
    Communicate risk findings and recommendations that are clear and actionable by business stakeholders
    Prepare for and facilitate examinations by qualified security assessors for applicable regulations
    Conduct routine compliance audits, ensuring that the organization complies with relevant regulatory requirements, industry standards, and internal policies
    Prepare compliance reports, track key performance indicators (KPIs), and provide regular updates to management and stakeholders on the state of compliance within the organization
    Stay current with changing regulations and industry standards related to information security and compliance, ensuring the organization's continuous adherence
    Perform required information security audits and assessments (internal, external and third-party) based on regulations, contracts, standards and policy
    Perform third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle
    Assess and report on the risks and benefits for the business as well as mandates for supplier compliance
    Qualifications

    Requirements:
    2+ years of related cybersecurity, compliance, and/or risk management experience
    Preferred... For full info follow application link.

    Spirit AeroSystems is an equal opportunity employer and considers qualified applicants for employment without regard to race, color, creed, religion, national origin, sex, sexual orientation, gender identity and expression, marital or civil partnership status, pregnancy, age, disability, veteran status or any other protected factor under federal, state or local law.
