Job Description

United States, Georgia, Atlanta

Information Technology

03-Mar-2021

Ref : 5292

LinkedIn Tag: LI-KG1

How you'll help us Keep Climbing (overview & key responsibilities)

The IT Security Engineer is someone who, when asked to do the impossible, responds with a grin -- Bring it on! You want a job, not because it is easy, but because you get to drive real transformational change. You are someone who is passionate about identifying, communicating, and reducing risk. For you, Information Security is a passion and not just a job! This position can be located in Atlanta, GA or Minneapolis, MN.

Delta Information Security Governance Risk and Compliance (ISGC) is leading the effort to mature Deltas growing Information Security practice. The team is actively working to implement a controls focused mindset, shift our approach from a compliance focus to a risk focus, and establish meaningful metrics to truly measure enterprise risk and the effectiveness of the Information Security practice. We partner closely with others in the Information Technology Division to drive aligned results. We have the opportunity to mobilize meaningful change through a well-established, well-respected company leading the Aviation industry.

Responsibilities:

* Evaluate, quantify, and communicate risk across the compliance, internal controls, and cyber domains
* Establish and communicate key risk and key performance indicators respective to our program
* Engage with partners in Information Security, Information Technology, and lines of business to ensure we are in compliance with Delta Information Security policy, standards, and regulatory/statutory requirements
* Analyze and research IT relevant policies, standards, and procedures against dedicated frameworks (NIST, ITIL, ISO) to provide guidance for driving continually effective and efficient processes
* Key team player in driving regulatory engagements lifecycle such as SOX, PCI, Department of Defense (DoD), GDPR, and more
* Coordinate with internal and external audit teams, as needed, to fulfill regulatory/statutory requirements
* Engage & consult with key partners within Delta to develop relationships to facilitate partnership & alignment
* Anticipate organizational impacts & understand risk associated with introducing new technologies or processes
* Exceptional written and verbal communication skills with a demonstrated ability to develop and maintain relationships
* Perform special projects as assigned, while effectively managing time with competing priorities
* Requires self-starters who work well within a largely self-directed environment
* Manage regulatory artifact requests, collect evidence, and complete overarching engagement-related administrative tasks

What you need to succeed (minimum qualifications)

* High School Diploma, GED or High School Equivalency
* Embraces Diverse people, thinking and styles
* Consistently makes safety and security, of self and others, the priority
* High-level of technical expertise required.
* Minimum of 6-8 years work experience in IT and/or Governance, Risk, and Compliance related functions
* Experience working in a governance environment leveraging a risk and controls mindset
* Understanding and working knowledge of cybersecurity-related frameworks such as NIST, CIS, CSF, and SANS
* Excellent verbal and written skills; and excellent organizational and time management skills

What will give you a competitive edge (preferred qualifications)

* Bachelors or masters degree in Cybersecurity, Computer Science, Mathematics, Engineering, Information Systems, or equivalent
* Key industry certifications such as CISA, CRISC, CISM, CISSP, CEH, etc.
* Consulting experience with a public accounting firm in PCI, SOX, HIPAA, HITRUST, FEDRAMP, SOC reporting, Department of Defense (DoD), or other regulatory domain
* Experience across Information Security and IT domains such as Governance, Risk, and Compliance, IT operations, incident response, identity and access management, penetration testing, vulnerability scanning, e-discovery & forensics, application development, infrastructure, technical support, or business continuity
* Experience with RSA Archer or equivalent GRC tool
* A history of driving transformational change