IT Security Engineer, Governance Risks and Compliance - Delta Air Lines Inc.
Atlanta, GA
About the Job
How you'll help us Keep Climbing (overview & key responsibilities)
The Security Engineer – Governance, Risk, and Compliance, is a creative, well-rounded communicator who excels at the strategy and the tactics necessary to ensure that the Information Security Governance team is effectively changing organizational behavior, fostering a secure culture, and reducing security risk through well documented and communicated policies, standards, and information security metrics.
This is a people-focused position with an opportunity to assist in creating new processes and solutions and drive results within a team responsible for transforming the way Information Security supports our business and helps protect the information our customers, employees and business partners entrust to our care.
We believe that Delta’s people play a critical role in our cyber threat defense and maintaining a vigilant and security-aware workforce is the best strategy for detecting and thwarting cyber-attacks, running a successful operation, serving our customers, and maintaining a world class workforce. In this role, you’ll partner closely with others in the Information Security Division to drive aligned results and solve the big problems.
Your responsibilities in the role:
- Provide Policy and Standards subject matter leadership through the development and maintenance of Delta’s Information Security policies, standards, and procedures. Update them annually, ensure alignment with applicable frameworks and regulations, and ensure that they are clear and able to be understood at all levels of the organization – from technical teams to our frontline personnel.
- Improve Delta’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Manage human risk and develop a strong security-driven culture where security is part of every employee’s day-to-day operation and attitudes.
- Analyze and identify the top human risks to the organization and the behaviors that must change to mitigate those risks. Develop, review, implement, and maintain security awareness training programs to mitigate human risks. Ensure security awareness programs meet all industry regulations, standards, and compliance requirements and that all Delta people understand, acknowledge, and fulfill all applicable enterprise information security policies.
- Develop Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for a metrics dashboard to track and report operational capabilities, success factors, risks, threats, and compliance metrics to measure the effectiveness of Delta’s Information Security program.
- Ensure up-to-date process and procedure documentation for the team.
- Identify process improvement/automation opportunities and innovate new ways of doing things.
- Communicate, and deliver, the value of Information Security throughout all of Delta.
- Work as a member of the broader GRC, IT and Delta teams.
Atlanta, GA / Minneapolis, MN (Full-time remote not an option)
Benefits and Perks to Help You Keep Climbing
Our culture is rooted in a shared dedication to living our values – Care, Integrity, Resilience and Servant Leadership – every day, in everything we do. At Delta, our people are our success. At the heart of what we offer is our focus on Sharing Success with Delta employees. Exploring a career at Delta gives you a chance to see the world while earning great compensation and benefits to help you keep climbing along the way:
- Competitive salary, industry-leading profit sharing program, and performance incentives
- 401(k) with generous company contributions up to 9%
- New hires are eligible for up to 2 weeks of vacation. This is earned for use in the following vacation year (April 1 – March 31)
- In addition to vacation, new hires are eligible for up to 56 hours of paid personal time within a 12-month period
- 10 paid holidays per calendar year
- Birthing parents are eligible for 12 weeks of paid maternity/parental leave
- Non-birthing parents are eligible for 2 weeks of paid parental leave
- Comprehensive health benefits including medical, dental, vision, short/long term disability and life insurance benefits
- Family care assistance through fertility support, surrogacy and adoption assistance, lactation support, subsidized back-up care, and programs that help with loved ones in all stages
- Holistic Wellbeing programs to support physical, emotional, social, and financial health, including access to an employee assistance program offering support for you and anyone in your household, free financial coaching, and extensive resources supporting mental health
- Domestic and International space-available flight privileges for employees and eligible family members
- Career development programs to achieve your long-term career goals
- World-wide partnerships to engage in community service and innovative goals created to focus on sustainability and reducing our carbon footprint
- Business Resource Groups created to connect employees with common interests to promote inclusion, provide perspective and help implement strategies
- Recognition rewards and awards through the platform Unstoppable Together
- Access to over 500 discounts, specialty savings and voluntary benefits through Deltaperks such as car and hotel rentals and auto, home, and pet insurance, legal services, and childcare
What you need to succeed (minimum qualifications)
- Have exceptional communications skills and the ability to tell powerful and compelling stories through excellent writing skills, the ability to think and communicate clearly, formulate a clear point of view on complicated issues, and create a concise and well-written narrative.
- Demonstrated customer focus – evaluates decisions through the eyes of the customer; builds strong customer relationships and creates processes with customer viewpoint.
- Ability to create metrics, documentation, presentations, and procedures that communicate results effectively.
- Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
- Must have a high degree of initiative and the ability to manage multiple tasks, work under pressure and meet deadlines as required.
- Strong interpersonal, problem solving, prioritization, presentation, and facilitation skills with the ability to make recommendations to all levels of the organization.
- Demonstrated ability to work independently and with others.
- Experience with creating and writing security policies or standards in support of organizational security programs or system accreditations.
- Ability to interact confidently with various levels of technical and leadership positions.
- Proven experience (3+ years) in governance, risk, or compliance roles in one or more of the following frameworks: PCI-DSS, SOX, NIST 800-171, NIST 800-53, CIS
- Consistently prioritizes safety and security of self, others, and personal data.
- Embraces diverse people, thinking, and styles.
- Possesses a high school diploma, GED, or high school equivalency.
- Is at least 18 years of age and has authorization to work in the United States.
What will give you a competitive edge (preferred qualifications)
- Bachelor’s degree or higher in a relevant field (information systems, cybersecurity, communications, behavioral science, and/or computer science).
- Experience across Information Security and IT domains such as Governance, Risk, and Compliance, IT operations, incident response, identity and access management, penetration testing, vulnerability scanning, e-discovery & forensics, application development, infrastructure, or technical support
- Exposure to and familiarity with relevant standards such as ISO/IEC 27001 and 27002, NIST 800, and COBIT, and applicable laws related to information security and privacy (e.g., GDPR, PCI-DSS, SOX, HIPAA)
- Experience in developing executive presentations or status communications for multiple organization roles.
- A history of driving transformational change and building relationships across IT and the Business.
- Creative and visual skills including graphic, web, print and slide design
- Working knowledge of scripting languages (e.g., Python, PowerShell) for automating tasks
- Excellent analytical and problem-solving skills
- Meticulous attention to detail and accuracy
- CISSP, CISA, CISM, Security+ or other relevant security certifications.
- Experience with RSA Archer or equivalent GRC tool.
Source: Delta Air Lines Inc.