Who We Want:
You are someone who, when asked to do the impossible, responds with a grin -- "Bring it on!" You want a job, not because it is easy, but because you get to drive real transformational change. You are someone who is passionate about identifying, communicating, and reducing risk. For you, Information Security is a passion and not just a job.
What We Do:
Delta Information Security Governance (ISG) is leading the effort to mature Delta's growing Information Security practice. The team is actively working to implement a controls-focused mindset, shift our approach from a compliance focus to a risk focus, and establish meaningful metrics to truly measure Enterprise Risk and the effectiveness of the Information Security practice. We partner closely with others in the Information Security Division to drive aligned results. We have the opportunity to drive meaningful change through a well-established, well-respected company leading the Aviation Industry.
- This position can be located in Atlanta or Minneapolis.
- Engage business unit and functional leadership and gain support for the security initiatives, while solving security challenges.
- Evaluates, quantifies, and communicates risk across the vendor, internal controls, and cyber domains.
- Provide governance over programs/projects over second line of defense activities. Develop business cases to support investments, control mapping, architecture security assessment.
- Establishes and communicates key risk and key performance indicators.
- Engages with partners in Information Security, Information Technology, and Internal Audit to efficiently ensure compliance with SOX, PCI, and other regulatory/statutory requirements.
- Analyze IT relevant policies, standards and procedures against dedicated frameworks (NIST, ITIL, ISO) to provide guidance for driving continually effective and efficient processes.
- Coordinate with internal and external audit teams to understand the objectives, scope and timeline.
- Engage & consult with key partners within Delta to develop relationships to facilitate partnership & alignment.
- Anticipate organizational impact & understand the risk associated with introducing new technologies or processes.
- Exceptional written and verbal communication skills with a demonstrated ability to develop and maintain relationships.
- Perform special projects as assigned, while effectively managing time with competing priorities.
- Requires self-starters who work well within a largely self-directed environment.
- Minimum of 7 years work experience in IT or internal audit or compliance related function with at least 3 years of information security experience.
- BS/MS in Cyber Security, Computer Science, Mathematics, Engineering, Information Services or equivalent.
- Experience working in a governance environment leveraging a risk and controls mindset.
- Understanding and working knowledge of cybersecurity governance frameworks such as NIST and SANS.
- Excellent verbal and written skills, and excellent organizational and time management skills.
- Key industry certifications such as CISA, CISM, CISSP, etc.
- Experience across Information Security domains such as governance & compliance, incident response, identity & access management, penetration testing, or e-discovery & forensics.
- Experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business.
- Experience with RSA Archer or equivalent GRC tool.
- A history of driving transformational change.