Senior Analyst - IT, GRC
Req #: WHQ00015826-CT
Location: Chicago, IL US
Job Category:Information Technology
We have a wide variety of career opportunities around the world - come find yours.
The United IT team designs, develops and maintains massively scaling technology solutions that are brought to life with innovative architectures, data analytics and digital solutions.
Job overview and responsibilities
This role leads the development, implementation and adherence of the enterprise IT Security Governance, Risk Management & Compliance strategy which includes, Third Party Risk Management and compliance management.
* Assist in the development and implementation of an enterprise IT Third Party Security Risk Management strategy
* Conduct Third Party security risk assessments to ensure compliance to regulatory and statutory requirements, including industry specific guidelines, PCI DSS, SOX, HIPAA, ISO 27000, and COBIT
* Implement revisions and improvements to IT Security Governance, Risk Management and Compliance controls and Third Party processes in response to testing results and/or non-compliant findings
* Collaborate with key stakeholder and strategic partners to develop, document, implement and manage IT Third Party Risk Management Compliance frameworks, policies, and standards aligning with industry best practices
* Develop and nurture relationships with internal and external audit agencies to facilitate execution of third party assessments
* Monitor changes in legislation and compliance standards that affect IT Security Governance, Risk Management & Compliance and proactively act to update frameworks, policies, standards and best practices based on this information
* Develop dashboards to be used by leadership in decision making.
* Effectively communicate assessment findings, remediation recommendation and status to senior leadership
* Subject matter expertise in the fields of IT Security Governance, Risk Management & Compliance
* Strong knowledge of IT Security Governance, Risk Management & Compliance best practices, procedures and standards
* Willingness to expand upon known programming skills and continually develop/learn new technical skills in support of new tools/methods
* Excellent organizational and time management skills
* Attention to detail is a must
* Excellent verbal, written and presentation skills
* Ability to work independently and manage several simultaneous projects focus on quality results.
* BS or BA degree (preferably in a management or technology related field) or any combination of equivalent education, experience, and formal training that allows the candidate to meet the requirements of the job
* 5 or more years of information technology experience, at least 4 of them in a relevant information security and/or risk management field required
* Experience with IT and enterprise Governance, Risk Management & Compliance automation and policy/control compliance tools
* Must be legally authorized to work in the United States for any employer without sponsorship
* Successful completion of interview required to meet job qualification
* Reliable, punctual attendance is an essential function of the position
* Strong interpersonal skills, emotional intelligence, positive attitude, 5+ years of technology infrastructure experience at a large enterprise, leading without authority
* MS Computer Science or MS Information Security, CISSP, CISA, CGEIT, and/or relevant SANS/GIAC certificates
* Experience with one or more of the following: vulnerability scan, penetration testing, security architecture review, Data Loss Protection technology, information security policy development, PCI DSS, and SOX audit
Equal Opportunity Employer - Minorities/Women/Veterans/Disabled/LGBT
About United Airlines
United Airlines is an airline operating a domestic and international route network.