Security Analyst Governance Risk and Compliance

OneTen
Job Location: Atlanta, GA
Job Tag: Computer Science

Description:

Delta Airlines has joined OneTen, a coalition of leading executives and their companies who came together to upskill, hire and promote one million Black Americans over the next 10 years who do not have a four-year degree into family-sustaining jobs. 

Delta Airlines is searching for a Security Analyst Governance Risk and Compliance in Atlanta, GA and is actively seeking talent from the OneTen network.

Security Analyst Governance Risk and Compliance  

Location:  Atlanta, GA (Hybrid)

Salary Range:  $74.4K – $167.7K

Application Deadline: August 14th, 2023

As a member of the IT Risk team within Delta’s Information Security Governance Risk and Compliance organization, you will serve as second line of defense to manage and monitor information security and technology risks.  You’ll partner with IT Portfolios (Infrastructure and Reliability, Architecture, Channels Technology), key functional partners (Legal, Privacy, Corporate Audit) and external assessors.  

Delta Information Security Governance (ISG) is leading the effort to mature Delta’s growing Information Security practice.  The team is actively working to implement a controls focused mindset, shift our approach from a compliance focus to a risk focus, and establish meaningful metrics to truly measure Enterprise Risk and the effectiveness of the Information Security practice. 

Job Summary:

  • Evaluates, quantifies, and communicates risk across the vendor, internal controls, and cyber domains.
  • Establishes and communicates key risk and key performance indicators.
  • Engages with partners in Information Security, Information Technology, and Internal Audit to efficiently ensure compliance with SOX, PCI, and other regulatory/statutory requirements.

Responsibilities:

  • Engage & consult with key partners to design and develop IT controls that mitigate risk to an acceptable level.
  • Document the controls, including the control description, process steps and testing criteria
  • Train and educate IT partners on IT risk, controls and control effectiveness testing
  • Periodically test control effectiveness, working with IT partners to close gaps in control effectiveness
  • Provide IT controls and risk data to enable reporting on control gaps and control effectiveness
  • Anticipate organizational impact & understand the risk associated with introducing new technologies or processes. 
  • Perform special projects as assigned.
  • Requires self-starters who work well in a largely self-directed environment.

Minimum Qualification:

  • At least 3 to 5 years of IT Audit, SOX, or IT Security risk assessment experience
  • Solid knowledge of risk and security frameworks like NIST, ISO, and COSO
  • Must have the ability to listen to customers and colleagues; convey ideas effectively; prepare clear and concise documentation.
  • 1-3 years’ experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business
  • Possesses a high school diploma, GED, or high school equivalency. 
  • Is at least 18 years of age and has authorization to work in the United States.

Successful Profile: 

  • Key industry certifications such as CISA, CISM, CISSP, etc.
  • Experience across Information Security domains such as governance & compliance, incident response, identity & access management, penetration testing, or e-discovery & forensics.
  • Experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business.
  • Experience with RSA Archer.
  • A history of driving transformational change.
  • BS/MS in Cyber Security, Computer Science, Mathematics, Engineering, Information Services or equivalent