GRC Information Security Analyst - Standard Aero

Build an Aviation Career You’re Proud Of 

At StandardAero, we use our ingenuity and know-how to find solutions for the simple to the most complex challenges in aviation. Together, we get the job done and done well. Our stability, resources, and respectful culture supports you in building a solid career with a great team you can count on day in and day out for the long term. 

Working as part of the Information Security office under the CISO, within the IT department at StandardAero, the GRC Analyst will be responsible for leading the day-to-day Information Security and Cybersecurity compliance requirements, data governance, and information security risk management functions. The role will include primary responsibility for defining, creating, and managing Information Security Policies and Standards including exception management, Key Risk Indicator (KRI) reporting as well as overall Information Security program management support.

The GRC Analyst will also support the development and maintenance of an organization wide Cyber Education and awareness program to include awareness communications, training course development, and social engineering testing.

Responsibilities include:

• Develop IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.
• Identify key cybersecurity requirements for StandardAero based on understanding the organization business objectives, cybersecurity risk appetite and considering: key threats, regulatory, legal and customer requirements, and technology trends.
• This role oversees compliance with Information Security Policies and Standards including exception management, Key Risk Indicator (KRI) reporting as well as overall Program Management support.
• Support the development and maintenance of the risk register, tracking identified risks and remediation efforts.
• Work with leadership to prioritize and remediate risks based on potential impact.
• Partners with Third-Party Risk Management (TPRM) to continuously improve the TPRM program as the subject matter experts for Information Security and Cyber Security.
• Completes vendor assessments for engagements, including management reporting.
• Responsible for identifying, prioritizing, monitoring and reporting technology risks and controls including performing risk and controls assessments.
• Works closely with the operational, technical, and corporate function personnel to foster a technology risk management culture, challenge assumptions and to assist in communicating a holistic risk profile of technology risk to management and various stakeholders.
• Collaborate closely with the legal department to provide oversight of customer’s cyber security compliance requirements reporting. 
• Interfaces between both internal and external auditors for compliance initiatives, including providing requested audit inputs.
• Stay current on security industry trends, relevant federal government and customer specific compliance requirements, and security best practices.
• Provides assistance to system users relative to information systems security matters.
• Creates information security and cyber awareness communications and training content for all employees.
• Assists with social engineering testing and remedial training for all employees.
• Supports the overall program management function including KRI and metric reporting, audit, and roadmap reporting for senior management.
• Advise internal customers on applicability and interpretation of the standards' requirements.
• Interact with related stakeholders to ensure consistent application of cybersecurity policies and standards.
• Other duties may be assigned.

Requirements

• Must be authorized to work in the U.S.
• Bachelor’s degree in a related field and/or two (4) years of work-related experience in Information Security or Information Technology.
• Travel as required (up to 10%).

Preferences

• Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or other industry certification.
• 4+ years of work related experience in information technology.
• 4+ years of work related experience in IT Risk, Compliance, Audit and/or Advisory.
• Must have and maintain or be able to obtain within one year of employment at least one of the following certification: CISSP, CISA, CRISC or equivalent designation.
• Familiarity with technology processes, risks and issues including within infrastructure, information security, SDLC and Enterprise Service Management utilizing various IT controls frameworks, NIST Risk Management Framework Special Publication 800-53, NIST 800-171 family of controls.

Benefits that make life better:  

• Comprehensive Healthcare 
• 401(k) with 100% company match; up to 5% vested 
• Paid Time Off starting on day one 
• Bonus opportunities 
• Health- & Dependent Care Flexible Spending Accounts 
• Short- & Long-Term Disability 
• Life & AD&D Insurance 
• Learning & Training opportunities 

Raising the Standard of Excellence since 1911  

With over a century of proven excellence, StandardAero has become an industry leader in MRO services and customized solutions in the aerospace field. Our shared values and learning-based culture inspire our team to exceed their potential and power our customers’ missions worldwide. With on-the-job training, advancement opportunities, and excellent benefits, StandardAero invites you to experience a fulfilling and meaningful career with us.  

Inclusivity Is Our Standard  

StandardAero offers equal employment opportunities for all. Our supportive environment celebrates diversity with no room for harassment or discrimination of any kind. We invite you to bring your authentic self to our team and experience our welcoming culture.