Key Areas of Responsibility
The IT GRC Analysts prime responsibilities include:
Governance
·Support the development of IT GRC policies, processes, and procedures to align across multiple regulatory compliance requirements. NIS2 / PART-IS/ AVSEC
·Contribute to the continuous improvement of IT governance initiatives across the organization.
·Drive the delivery of cross-functional training initiatives aimed at enhancing IT GRC understanding.
·Collaborate with Airport Safety and Security teams to ensure appropriate alignment between Governance Activities (IT, Safety, Security)
Risk Management
·Manage the IT Risk Register, ensuring team commitment to mitigate or eliminate risks.
·Conduct and document Risk Assessments of IT Systems (existing and newly proposed)
Compliance
·Ensure adherence to relevant legal and regulatory standards (e.g., NIS / NIS2, Part IS, AvSec, GDPR).
·Introduce Information Security Management System (ISMS) tooling to aid in the achievement of our goal of Continuous Compliance with applicable regulations.
·Conduct periodic tabletop exercises to ensure the IT and Senior Leadership teams responds in accordance with documented policies and procedures.
·Coordinate IT audits and compliance reviews, recording and managing any feedback items received from same.
Qualifications, Skills and Experience
The desirable competencies include:
·Bachelor's degree in IT, Computer Science, or a related discipline. Alternatively substantial relevant experience will be considered.
·3+ years' experience in a Compliance or Cyber Security focused role, with an interest in transitioning into an IT GRC role
·Certification in CISA, CRISC or CISSP preferred but not essential.
·Project experience with ISO-, NIS/NIS2, AVSEC, PART-IS regulations preferred but not essential.
·Experience with risk management methodologies and compliance tools.
·Track record in playing a significant role in achievement of regulatory compliance.
·Excellent communication, problem solving and analytical skills.
·Strong grasp of cyber security concepts (attack vectors, frameworks, etc)
#LI-VH2