Overview
The IT GRC Analyst's primary responsibilities include the following areas of responsibility.
Governance
* Support the development of IT GRC policies, processes, and procedures to align across multiple regulatory compliance requirements. NIS2 / PART-IS / AVSEC
* Contribute to the continuous improvement of IT governance initiatives across the organization.
* Drive the delivery of cross-functional training initiatives aimed at enhancing IT GRC understanding.
* Collaborate with Airport Safety and Security teams to ensure appropriate alignment between Governance Activities (IT, Safety, Security).
Risk Management
* Manage the IT Risk Register, ensuring team commitment to mitigate or eliminate risks.
* Conduct and document Risk Assessments of IT Systems (existing and newly proposed).
Compliance
* Ensure adherence to relevant legal and regulatory standards (e.g., NIS / NIS2, Part IS, AvSec, GDPR).
* Introduce Information Security Management System (ISMS) tooling to aid in the achievement of our goal of Continuous Compliance with applicable regulations.
* Conduct periodic tabletop exercises to ensure the IT and Senior Leadership teams respond in accordance with documented policies and procedures.
* Coordinate IT audits and compliance reviews, recording and managing any feedback items received from same.
Qualifications, Skills and Experience
* Bachelor’s degree in IT, Computer Science, or a related discipline. Alternatively substantial relevant experience will be considered.
* 3+ years’ experience in a Compliance or Cyber Security focused role, with an interest in transitioning into an IT GRC role.
* Certification in CISA, CRISC or CISSP preferred but not essential.
* Project experience with ISO-27001, NIS/NIS2, AVSEC, PART-IS regulations preferred but not essential.
* Experience with risk management methodologies and compliance tools.
* Track record in playing a significant role in achievement of regulatory compliance.
* Excellent communication, problem solving and analytical skills.
* Strong grasp of cyber security concepts (attack vectors, frameworks, etc).
#LI-VH2
#J-18808-Ljbffr