Senior Security Governance, Risk and Compliance Analyst

Job Summary:

The Senior Security Governance, Risk and Compliance Analyst will lead the Information Security Governance, Risk and Compliance (GRC) function. The Senior Security GRC Analyst will provide hands-on experience maturing risk management processes and establishing security & privacy related compliance with appropriate security standards and regulations that include ISO, NIST, PCI-DSS, MPA/TPN, GDPR and other industry-standard frameworks. The role will work collaboratively with various stakeholders to ensure success with all related programs. The Senior Security GRC Analyst will use risk-based methodologies and decision-making to arrive at creative and pragmatic solutions, without relying on pre-defined checklists, is an important component of the role. Ensures the performance of all duties in accordance with the company's policies and procedures, all global laws, and regulations, wherein the company operates.

Duties and Responsibilities:

• Review regulatory requirements, external policies or standards related to Information Security & Data Protection/Privacy, and conduct gap analysis to internal security policies and requirements. Ensure compliance with regulatory compliance and certification programs (e.g., ISO 27001, NIST CSF, PCI-DSS, MPA/TPN, GDPR)
• Establish, implement, and monitor the security certifications program and ensure that it continues scale appropriately with the business
• Ensure compliance with the established key metrics that measure data security standards, the ISO standards/certification and provide evidence of compliance for internal and external audits
• Be a Security and Compliance Champion that promotes and evangelizes awareness of different security and compliance risks and best practices across the company
• Perform risk assessments-including third party vendor/supply chain assessments, and manage associated security risk remediation activities
• Conduct control and risk assessments of technical operating environments and third parties.
• Identify, document, and manage gaps related to security and compliance and other tasks to support ensuring the Company’s underlying data and information security processes, infrastructure and measures are fit for purpose and scaled to deliver an appropriate level of protection
• Collaborate with cross-functional teams to ensure security related controls are documented and managed
• Support the business continuity management (BCM) program, including subject matter expertise input for business impact analysis (BIA), developing and testing business continuity plans (BCP), coordinating with IT on disaster recovery planning and updating/implementing crisis management plans (CMP)
• Coordinate third party audits on security, controls, and security/privacy compliance
• Conduct third party risk assessments and collaborate with external and internal stakeholders to identify critical risks to the organization
• Work with third parties to agreed risk treatment plan and participate in contract review
• Serve as a subject matter expert on internal controls, security, privacy and collaborate with Product Strategy and Development on product enhancements, features and security/privacy capabilities
• Respond to customer security/compliance questionnaires
• Stay current on market developments to identify emerging security technologies, risks, and trends

• Bachelor’s Degree in Information Security, Information Systems, Engineering, or other related field or equivalent experience in a related field
• 10+ years of progressive information security GRC experience
• 5+ years of experience conducting & supporting internal/external formal audits (such as PCI-DSS, SOX, HIPAA)
• Professional security certification such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), PCI-DSS Internal Security Assessor (ISA)
• A comprehension of security standards and frameworks, rules and regulations, and system trust principals, such as ISO, NIST, OWASP, SANS Top 20, PCI-DSS, GDPR, ITIL, and SOC2
• Previous experience with GRC tools such as KCM, Auditboard
• Thorough understanding of Security Methodologies required
• Ability to effectively communicate and educate others on the need and value-add of security governance, risk and compliance efforts

The starting pay range for this position is $112,100 - $134,500 per year however, base pay offered may vary depending on the level of the position, skills, experience, job-related knowledge, and location.

In addition to a comprehensive package of health benefits that include company contributions, RAVE Aerospace offers a variety of additional benefits and perks to enhance your work-life balance experience including but not limited to:

• Discretionary bonus program
• Future financial security with a 401(k) program with company match
• Paid time off covering vacations, personal time off and sick days, capped off by an exciting year-end holiday shutdown
• Embraced flexibility with our alternative work schedule (9/80) to navigate your workweeks with every other Friday off