Reporting to the IT Security and Compliance Manager, the IT Security and Compliance Analyst is responsible for supporting the implementation and oversight of cybersecurity programs and incident management, Identity and Access Management systems, IT audit controls and discovery related to investigations. The position is also responsible for supporting the IT emergency response program, disaster recovery and business continuity planning. The incumbent will provide advice and guidance to peers within the IT organization around all topics related to IT security and will collaborate with both internal and external stakeholders to ensure cybersecurity standards are met and the company's systems remain secure from both internal and external threats. RESPONSIBILITIES:
- Manage and maintain on-prem / cloud-based directory services, identity and access management (IAM) systems, and related technologies to ensure efficient and secure user authentication, authorization, and directory services operations
- Monitor and analyze security events and incidents, investigate and respond to security incidents, and conduct investigations to determine the root cause and extent of security breaches. Tracking progress through to resolution
- Develop and implement incident response plans and procedures to minimize the impact of security incidents
- Conduct risk assessments to identify vulnerabilities and weaknesses in IT systems, networks, and applications. Evaluate risks and work with IT teams to implement appropriate security controls and safeguards to mitigate risks and protect critical assets
- Ensure compliance with relevant laws, regulations, and industry standards, such as GDPR, ITIL and ISO 27001. Develop existing policies, procedures, and controls to meet current and future regulatory requirements and maintain compliance posture, such as for the impending EASA Part-IS requirement
- Conduct security awareness training programs for employees to educate them on security best practices, policies, and procedures. Provide guidance and support to IT teams and business units on security-related matters
- Coordinate and participate in security audits and assessments, both internal and external, to evaluate the effectiveness of security controls and ensure compliance with policies, procedures, and standards
- Prepare reports on security incidents, investigations, risk assessments, and compliance status. Maintain documentation of security controls, policies, procedures, and standards for auditing and reporting purposes
QUALIFICATIONS:
- Bachelor's degree in computer science or related field with 3+ years of experience in a similar role
- CISM and/or CISSP certification preferred, strong ADDS knowledge also considered.
- Knowledge of Sarbanes Oxley (SOX) General IT Controls
- Knowledge of ITIL and Change Management concepts
- Critical thinking - ability to use logic and reasoning to identify the strengths and weaknesses of alternative solutions or approaches to resolving problems.
- Demonstrated experience participating in cross-functional project teams
- Ability to adjust and set priorities to meet project deadlines
- Strong written and verbal communication skills
- Good understanding of SOX and General Computer Controls
- Experience with managing third party technology and outsourced service providers
- Ability to work effectively in a professional manner with technology staff, business stakeholders, end users, management and others outside the organization, including OEMs and technology service providers
Bristow Group is an Equal Opportunity Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
|