5 months ago
Who We Want:
Are you someone who, when asked to do the impossible, responds with a grin -- "Bring it on!"? Are you a highly organized, energetic leader who possesses an out-of-the-box approach to problem solving? Is Information Security a passion and not just a job for you? Do you enjoy managing a diverse team of talent towards success and personal growth? If you have answered "yes" to the preceding questions, then we are interested in speaking with you about leading efforts to ensure Information Technology at Delta Air Lines adheres to our policies, standards and frameworks in order to ensure the Integrity, Confidentiality and Availability of Delta's information assets.
What We Do:
Delta Information Security Governance (ISG) is leading the effort to mature Delta's growing Information Security practice. The team is actively working to implement a controls-focused mindset, shift our approach from a compliance focus to a risk focus, and establish meaningful metrics to truly measure Enterprise Risk and the effectiveness of the Information Security practice. We partner closely with others in the Information Security Division to drive aligned results. We have the opportunity to drive meaningful change through a well-established, well-respected company leading the Aviation Industry.
- This position can be located in Atlanta or Minneapolis.
- Engage business unit and functional leadership and gain support for the security initiatives, while solving security challenges.
- Evaluates, quantifies, and communicates risk across the vendor, internal controls, and cyber domains.
- Provide governance over program/projects over second line of defense activities. Develop business cases to support investments, control mapping, architecture security assessment.
- Establishes and communicates key risk and key performance indicators.
- Engages with partners in Information Security, Information Technology, and Internal Audit to efficiently ensure compliance with SOX, PCI, and other regulatory/statutory requirements.
- Analyze IT relevant policies, standards and procedures against dedicated frameworks (NIST, ITIL, ISO) to provide guidance for driving continually effective and efficient processes.
- Coordinate with internal and external audit teams to understand the objectives, scope and timeline and, where necessary, help facilitate material and meeting requests.
- Advisor to business leaders within IT on industry and regulatory requirements, leading practices, quality of risk and control effectiveness.
- Manage staff and co-sourced resources to ensure execution of activities completed in a timely and quality manner.
- Advise risk and control owners on remediation activities required to address policy compliance issues.
- Anticipate organizational impact & understand the risk associated with introducing new technologies or processes.
- Exceptional written and verbal communication skills with a demonstrated ability to develop and maintain relationships.
- Perform special projects as assigned, while effectively managing time with competing priorities.
- Minimum of 9 years of work experience in information security or internal audit or compliance related function with at least 3 years of management experience.
- BS/MS in Cyber Security, Computer Science, Business, Engineering, Information Services or equivalent.
- Experience working in a governance environment leveraging a risk and controls mindset.
- Understanding and working knowledge of cybersecurity governance frameworks such as NIST and SANS.
- Excellent verbal and written skills; and excellent organizational and time management skills.
- Key industry certifications such as CISA, CISM, CISSP, etc.
- Experience across Information Security domains such as governance & compliance, incident response, identity & access management, penetration testing, or e-discovery & forensics.
- Experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business.
- Experience with RSA Archer or equivalent GRC tool.
- A history of driving transformational change.