Responsible for the design, testing, evaluation, implementation, support, management, and deployment of security systems/devices used to safeguard the organizations information assets. Also responsible for analyzing the information security environment and assisting with the development of security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure. '-Works with the technical team to recover data after a security breach. -Configures and installs firewalls and intrusion detection systems. -Develops automation scripts to handle and track incidents. -Investigates intrusion incidents, conducts forensic investigations and mounts incident responses. -Delivers technical reports and formal papers on test findings. -Installs firewalls, data encryption, and other security measures. -Maintains access by providing information, resources, and technical support. -Ensures authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements. -Updates job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations. -Accomplishes information systems and organization mission by completing related results as needed. '-Builds, deploys, and tracks security measurements for computer systems and networks. -Mitigates security vulnerabilities by implementing applicable solutions and tools. -Performs vulnerability testing, risk analyses, and security assessments. -Collaborates with colleagues on authentication, authorization, and encryption solutions. -Tests security solutions using industry standard analysis criteria. -Responds to information security issues during each stage of a projects lifecycle. -Performs risk assessments and testing of data processing systems. -Establishes system controls by developing framework for controls and levels of access; recommending improvements
-Establishes computer and terminal physical security by developing standards, policies, and procedures; coordinates with facilities security; recommends improvements. -Safeguards computer files by performing regular backups; developing procedures for source code management and disaster preparedness; recommends improvements. '-Determines the sensitivity of the data in order to recommend the appropriate security needs. -Develops proposals for, and consider cost effective equipment options to satisfy security needs. -Communicates with the technical team, management team and users companywide if data security is breached. -Designs infrastructure to alert the technical team of detected vulnerabilities. -Evaluates new technologies and processes that enhance security capabilities. -Supervises changes in software, hardware, facilities, telecommunications and user needs. -Defines, implements, and maintains corporate security policies. -Analyzes and advises on new security technologies and program conformance. -Creates, tests, and implements network disaster recovery plans. -Recommends security enhancements and purchases. -Trains staff on network and information security procedures. -Develops security awareness by providing orientation, educational programs, and on-going communication. -Recommends modifications in legal, technical and regulatory areas that affect IT security.
Quals--
IT is on a journey of transformation. We are changing the way we do business from top to bottom. As leaders with vision within Company, we strive to build important and innovative solutions and are looking for team members to help us realize our vision.
Company employees are problem solvers, doers, innovators.
We are proactive.
We are collaborative.
We deliver impact to our customers.
Join us on our transformation journey in becoming a best-in-class IT organization at the world's best airline!
As a member of Companys Information Security Governance, Risk, and Compliance organization, youll proactively identify, analyze, and remediate information security and technology risks throughout the third-party lifecycle (planning, due diligence, contract adherence, transition, continuous monitoring, and offboarding). Youll also have the opportunity to partner with IT Portfolios (Infrastructure and Reliability, Architecture, Channels Technology), key functional partners (Legal, Privacy, Corporate Audit) and external assessors.
Companys Information Security Governance, Risk, and Compliance (GRC) team is actively working to implement a controls-focused mindset, shift our approach from a compliance focus to a risk focus, and establish meaningful metrics to truly measure Enterprise Risk and the effectiveness of the Information Security practice. We have the opportunity to drive meaningful change through a well-established, well-respected company leading the aviation industry.
Responsibilities
Participate in vendor risk management activities including but not limited to third party risk assessments, gap analysis, contract review, vendor breach and termination activities, and partner with internal stakeholders to monitor vendors.
Perform data analytics and create meaningful reports to effectively communicate outcomes from vendor management activities and relate security, compliance, and/or governance-related concepts and controls across a variety of audiences including non-technical audiences
Identify and communicate findings of non-compliance with company Information Security Standards and track to remediation or to an acceptable level of risk
Continuously work to improve the overall Vendor Risk Management Program through identifying opportunities and leading implementation activities
Provide guidance to the business, Strategic Sourcing and other stakeholders to ensure requirements of VRM are fully understood.
Serve as the subject matter expert in interpreting requirements and improve awareness of Operational Risks faced by Business from vendors failure/poor performance
Stay informed about the latest developments in the vendor risk management field.
Perform any other job-related instructions, as requested, with reasonable accommodation.
Why Youll Love the Company
Our culture is rooted in a shared dedication to living our values - Honesty, Integrity, Respect, Perseverance, and Servant Leadership - every day, in everything we do. Exploring a career gives you a chance to see the world while providing great benefits to help you keep climbing along the way:
Competitive salary, industry-leading profit sharing, and 401(k) with generous direct contribution and company match
Comprehensive health & wellness benefits including medical, dental, vision, short/long term disability and life benefits
Domestic and International Flight privileges for employees and eligible family members
Career development programs are available for your long-term career goals
Access to subsidized and vetted Backup Care for children, adults, and pets through Care.com
What you need to succeed (minimum qualifications):
5 or more years of experience with information technology security programs, audits, controls and/or third-party risk management
Ability to identify and assess IT security controls against policies and standards and Federal/State Regulatory requirements and identify and communicate gaps
Exceptional written and verbal communication skills
Advanced computer skills including Microsoft Office suite and other business-related software programs
Ability to effectively manage time and productivity with competing priorities in a rapidly changing, fast-paced, interactive, results-based team environment
Proven analytical / problem solving skills and ability to work with cross-functional teams
High School diploma, GED or High School Equivalency.
Embraces diverse people, thinking and styles.
Consistently makes safety and security, of self and others, the priority.
Where permitted by applicable law, must have received or be willing to receive the COVID-19 vaccine by date of hire to be considered for U.S.-based job.
What will give you a competitive edge (preferred qualifications):
Bachelors Degree or 5 plus years of relevant experience in Computer Science, Mathematics, Engineering, Information Systems, Management Information Systems or Information Security
Key industry certifications such as CISA, CISM, CISSP, CRISC, etc.
Knowledge of industry standard frameworks such as NIST Cybersecurity Framework, ISO 27001, NIST 800-30, etc.
Familiarity with third party information security attestations/certifications such as SOC I/II reports, ISO, PCI-DSS, SOX.
Comprehensive knowledge of third-party risk concepts, methodologies, governance structures and experience in managing risk and performing vendor risk assessments
Experience across Information Security domains such as governance & compliance, incident response, identity & access management, penetration testing, or e-discovery & forensics
Experience across IT domains such as application development, infrastructure, technical support and operations, cloud technologies and/or continuity of business
Experience with RSA Archer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. NLB is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, contact HR department by sending an e-mail to notifications@nlbservices.com.
