Senior Information Technology Risk Analyst

Delta Airlines

Job description

 

  • This position is available in either MSP or ATG. *

    Who We Want

    You are someone who, when asked to do the impossible, responds with a grin — “Bring it on!” You want a job, not because it is easy, but because you get to drive real transformational change. You are someone who is passionate about identifying, communicating, and reducing risk. For you, Information Security is a passion and not just a job.

    What We Do

    Delta Information Security Governance (ISG) is leading the effort to mature Delta’s growing Information Security practice. The team is actively working to implement a controls focused mindset, shift our approach from a compliance focus to a risk focus, and establish meaningful metrics to truly measure Enterprise Risk and the effectiveness of the Information Security practice. We partner closely with others in the Information Security Division to drive aligned results. We have the opportunity to drive meaningful change through a well-established, well respected company leading the Aviation Industry.

    Job Summary

      • This position can be located in Atlanta or Minneapolis.
      • Evaluates, quantifies, and communicates risk across the vendor, internal controls, and cyber domains.
      • Establishes and communicates key risk and key performance indicators.
      • Engages with partners in Information Security, Information Technology, and Internal Audit to efficiently ensure compliance with SOX, PCI, and other regulatory/statutory requirements.


    Essential Responsibilities

      • Engage & consult with key partners to design and develop IT controls that mitigate risk to an acceptable level.
      • Document the controls, including the control description, process steps and testing criteria
      • Train and educate IT partners on IT risk, controls and control effectiveness testing
      • Periodically test control effectiveness, working with IT partners to close gaps in control effectiveness
      • Provide IT controls and risk data to enable reporting on control gaps and control effectiveness
      • Anticipate organizational impact & understand the risk associated with introducing new technologies or processes.
      • Perform special projects as assigned.
      • Requires self-starters who work well with in largely a self-directed environment.


    Required Experience

      • At least 5 to 7 years of IT Audit, SOX, or IT Security risk assessment experience
      • Solid knowledge of risk and security frameworks like NIST, ISO, and COSO
      • BS/MS in Cyber Security, Computer Science, Mathematics, Engineering, Information Services or equivalent
      • Ability to lead and mentor risk analysts
      • Must have the ability to listen to customers and colleagues; convey ideas effectively; prepare clear and concise documentation
      • Proactive in nature with customer satisfaction as a primary goal
      • Attention to detail and the ability to multitask
      • Experience working in a governance environment leveraging a risk and controls mindset.


    Preferred Experience

  • Key industry certifications such as CISA, CISM, CISSP, etc.

 

  • Experience across Information Security domains such as governance & compliance, incident response, identity & access management, penetration testing, or e-discovery & forensics.
  • Experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business.
  • Experience with RSA Archer.
  • A history of driving transformational change

 

To apply for this job please visit www.linkedin.com.