Senior Governance Risk And Compliance Analyst

Company: CAES
Address: Remote
Employment type: FULL_TIME
Salary
Expires: 2023-10-01
Posted 9 months ago
Job Description
About Us:
We are CAES, a technologically advanced electronics company employing more than 2,400 talented makers, thinkers, innovators, and doers nationwide. We build things that solve challenging problems from deep space to the depths of the ocean. We serve customers in defense, aerospace, security, medical, and industrial markets.

Are you searching for a career with a company that offers challenging, diverse projects and opportunities? Are you looking for a position with a company that is growing and able to offer long-term professional advancement? Searching for a company that values a friendly work environment and that values YOU? Consider CAES. #peoplefocusedmissiondriven #everymissionmatters

A career with CAES is more than just a job, it is the pathway to a bright future.
Overview:
Remote anywhere within the US

CAES is seeking a hands-on, highly motivated Governance Risk and Compliance Manager to join our Information Security team as a core member. This role reports to the Sr. Director, Governance Risk and Compliance under the Information Security organization and will support all aspects of cybersecurity compliance, risk management, supply chain risk management, identity and access management, privacy, and operational monitoring to validate and ensure the resiliency of our cybersecurity program, provide business enablement to CAES, and assure CAES customers of compliance. The Governance Risk and Compliance Manager is expected to be aware of the enterprise’s security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.
Responsibilities:
  • Serve as lead auditor and support all GRC risk management and audit initiatives, including but not limited to, annual internal auditing of IT Security Controls, and external audits to achieve compliance such as DFARS Cybersecurity (NIST 800-171) and Cyber Maturity Model Certification (CMMC). Support certification efforts and perform regulation and standard gap analysis across the CAES environment.
  • Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors. Participate in educational opportunities, read professional publications, maintain personal networks, and participate in professional organizations.
  • Work across multiple business units in a timely manner to develop response materials and action plans to address any anticipated or identified audit/assessment findings. Ensure findings and remediation efforts are tracked in the company’s GRC platform.
  • Ensure the enforcement of CAES security requirements including, but not limited to, Export Control and Controlled Unclassified Information (CUI).
  • Develop and maintain all system security plans (SSPs), and CAES Information Security policies and procedures. Support the development of policies, standards, procedures and guidelines in adherence with all applicable laws, regulatory frameworks, or client contractual requirements. Partner across functional teams for policy approvals and publishing of documentation.
  • Perform other duties and tasks as assigned.
  • Support CAES’s corporate privacy program, ensuring compliance with all applicable regulations (i.e. CCPA, GDPR).
  • Lead compliance audits and security risk assessments of business critical applications across the business. Collaborate with cross-functional owners to enhance the security posture of CAES’s applications to meet compliance initiatives and industry best practice.
  • Lead and support the evaluation of compliance risks and processes in complex information system environments to ensure that appropriate controls exist, that processes are efficient and accurate, and that information system procedures comply with corporate policies and standards.
  • Enhance CAES’s Supply Chain Risk Management Program. Partner with cross-functional teams within CAES’s supply chain to tier CAES suppliers, conduct third party risk assessment and due diligence, review contracts, onboard suppliers, and ensure that CAES’s supply chain is secure and meets CAES contractual obligations.
  • Support CAES’s mergers and acquisitions program as Information Security liaison to the cross-functional team, business leaders, and target acquisitions.
  • Support CAES’s Security Awareness Program. Assist GRC in disseminating training to CAES employees, and enforcing and tracking training attendance.
  • Support Identity and Access Management initiatives including entitlement reviews of access throughout CAES. Lead and manage CAES’s employee termination processes. Partner with cross-functional teams to ensure compliance with all applicable regulations.
  • Lead the customer audit engagement process as the liaison for Information Security. Complete third-party assessment questionnaires. Support and collaborate with CAES customers and the Defense Industrial Base to provide assurance of CAES’s regulatory compliance and security posture.
  • Assist in the analysis and definition of security requirements. Contribute to the continuous improvement and optimization of processes for existing and new security initiatives.
  • Support GRC operational initiatives such as Information Security’s weekly action report and administering GRC’s internal ticketing system.
  • Lead the reporting of monthly metrics and KPIs on the effectiveness of team operations to the Chief Information Security Officer.
Qualifications:
Minimum:
  • Be able to obtain a Department of Defense (DoD) security clearance at the level appropriate to the position.
  • Periodic travel is required (10-20%).
  • Experience in Information Security integration and compliance to support mergers and acquisitions.
  • Ability to lead, support and operate within a cross-functional environment, by building and fostering relationships with other departments and stakeholders. Team-oriented and skilled in working within a collaborative environment.
  • Experience evaluating controls in relation to information security standards and frameworks such as NIST 800 Series, NIST CSF, ISO27001/2, SSAE18, SOX, and FedRAMP.
  • Experience in building and managing third-party risk assessment programs to support the cybersecurity function within supply chain sourcing and operations.
  • 8+ years of experience in one or a combination of Information Security, IT auditing, Regulatory Compliance, Risk Management, Supply Chain Risk Management, Privacy, and Identity and Access Management.
  • Knowledge of risk management processes including internal audit, documentation of risk, managing risk registers, reducing cybersecurity risk through remediation, and reporting of risk.
  • Experience conducting logical and physical access entitlement reviews of access based on least privilege.
  • Experience in developing, supporting and executing corporate privacy programs based on GDPR and CCPA.
  • Certification or advanced skill in compliance, information security, audit or related domains (e.g., CISSP, CISA, CISM, CRISC, CGEIT, CIPP, PCIP, etc.) is required.
  • IT audit and compliance experience of applicable regulatory requirements including NIST 800-171 and CMMC.
  • Bachelor’s degree in Computer Science, Engineering, or equivalent discipline.
Preferred:
  • 10-15 years of experience in one or a combination of Information Security, IT auditing, Regulatory Compliance, Risk Management, Supply Chain Risk Management, Privacy, and Identity and Access Management.
  • Master’s degree in Computer Science, Cybersecurity, or equivalent discipline.
  • Experience using Exostar to answer customer questionnaires.
  • Experience with supporting Insider Threat programs.
  • Experience working within the Aerospace and Defense sector.
  • Current SECRET level or above Department of Defense (DoD) security clearance.
  • Highly self-motivated, self-starter and directed with keen attention to detail.
  • Ability to anticipate and respond to changing priorities, execute tasks and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness.
  • 3-5 years of experience in one or a combination of Information Security Operations, Incident Response, and Network Security.
  • Excellent written and verbal communication skills, including ability to lead meetings and conduct interviews as well as draft clear and concise reports and written communications.
  • Exceptional interpersonal skills with the ability to effectively interface with third parties and customers.
  • Basic experience in JavaScript, Python, .NET, and VBScript.
  • Professional services, consulting or other client-facing experience in an audit/governance setting is preferred.
  • Proven analytical and problem-solving abilities.

Employment Transparency:
BENEFITS
We take care of our people and provide competitive health, wealth and wellbeing benefits – from day one. You’ll also discover learning and development opportunities so you can take your career to the next level – and beyond.
Other benefits include:
  • Annual tuition reimbursement
  • Generous PTO and 11 paid holidays per year
  • Tailored management and leadership training
ABOUT CAES
CAES is the largest provider of analog and radiation hardened technology for the United States aerospace and defense industry. From human spaceflight and space exploration, to missile defense and electronic warfare, to healthcare solutions addressing COVID-19, our talented team develop high performing electronic solutions that work the first time, every time.
WE ARE AN EQUAL OPPORTUNITIES EMPLOYER
At CAES we welcome differences and celebrate new ideas. We believe the diversity of our people inspires our creativity and drives our innovation. Everyone is welcome here, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or genetic information.
We are committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation due to a disability for any part of the employment process, please email [email protected].