Frontier Group Holdings
Analyst - IT Governance Risk & Compliance
Frontier Group Holdings, Denver, Colorado, United States, 80202
Job Category: Information Technology
Requisition Number: ANALY005031
Denver, CO 80239, USA
Pay or shift range: $72,000 USD to $96,331 USD. The estimated range is the budgeted amount for this position. Final offers are based on various factors, including skill set, experience, location, qualifications, and other job-related reasons.
Job Details
Description
At Frontier, we believe the skies should be for everyone. We deliver on this promise through our commitment to Low Fares Done Right. This is more than our tagline - it's our driving philosophy. Every member of Team Frontier has an important role to play in bringing this vision to life. Our successful business model allows travelers to take advantage of our fast-growing route network while our bundled and unbundled pricing options allow our customers to personalize their travel experience and only pay for the services they need, saving them money along the way.

Low Fares Done Right is our mission and we strive to bring it to life every day. Our 'Done Right' promise means delivering not only affordable prices, but making travel friendly and easy for our customers. To do this, we put a great deal of care into every decision and action we take. We must be efficient with the use of our resources and make smart decisions about how we run our business. We must also innovate and be pioneers - we're not afraid to try new things. While our business requires us to fly high in the air, we also consider ourselves down-to-earth in our approach, creating a warm and friendly experience that truly demonstrates Rocky Mountain Hospitality.

At Frontier, we like to think we're creating something very special for our team members. Work is why we're here, but the perks are nice too:
Flight benefits for you and your family to fly on Frontier Airlines.
Buddy passes for your friends so they can experience what makes us so great.
Discounts throughout the travel industry on hotels, car rentals, cruises and vacation packages.
Discounts on cell phone plans, movie tickets, restaurants, luggage and over 2,000 other vendors.
Enjoy a 'Dress for your Day' business casual environment.
Flexible work schedules that support work/life balance.
Total Rewards program including a competitive base salary, short term incentives, long-term incentives, paid holidays, 401(k) plan, vacation/sick time and medical/dental/vision insurance that begins the 1st of the month following your hire date.

We play our part to make a difference. The HOPE League, Frontier Airlines' non-profit organization, is dedicated to providing employees financial assistance during catastrophic hardship.

Frontier Airlines is a leading ultra-low cost carrier headquartered in Denver, Colorado. With a mission to deliver Low Fares Done Right, the company provides affordable, convenient and accessible air travel throughout the U.S., Caribbean, Mexico and Latin America.
Frontier's highly fuel-efficient, all-Airbus fleet is among the youngest and most modern of any carrier within the U.S. That, combined with the airline's many weight-saving initiatives and focus on operational efficiencies, makes Frontier America's Greenest Airline.* Each Frontier Airlines plane tail features a special animal with a unique name and backstory. Many of the featured species are endangered or threatened, part of the airline's commitment to underscore and raise awareness for their plight. Frontier serves approximately 100 destinations throughout North America and operates 500-plus daily flights, on average. The airline employs more than 7,000 team members and has crew bases in more than a dozen U.S. cities. Frontier Airlines, Inc., is a subsidiary of Frontier Group Holdings, Inc. (NASDAQ: ULCC).

* Frontier is the most fuel-efficient of all major U.S. carriers when measured by ASMs per fuel gallon consumed.

What Will You Be Doing?
The IT Governance, Risk, & Compliance (GRC) Analyst will support the technology risk management program, providing risk oversight to the technology and cybersecurity teams. The IT GRC Analyst will play a key role in the success of the airline, by aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected. The IT GRC Analyst will support risk management initiatives to ensure regulatory alignment to PCI, SOX, TSA, and data privacy standards/regulations. The analyst will implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The analyst will have a unique opportunity to partner and engage with departments across the organization, including Cybersecurity, IT, Legal, HR, Internal Audit, Finance, and other business teams.
Essential Functions
Make an impact on the organization's security program and services through experience with various cybersecurity concepts including data governance, risk management, metrics, audit, policy, and standards development.
Partner with Finance, Accounting, and Internal Audit teams to understand our processes and how technology controls fit into those processes.
Collaborate with the IT/Cybersecurity team members, application owners, control owners, and stakeholders to achieve successful results and ensure testability.
Act as liaison with internal and external auditors for regulatory audits/assessments, facilitating meetings, walkthroughs, and discussion of remediation activities for identified deficiencies.
Support control activity functions related to User Access Reviews, Privileged User Reviews, and Password Parameter reviews.
Assist in conducting management audits, producing reports with recommendations for remediation and improvement.
Support development and implementation of security policies, procedures, and documented security controls.
Maintain a regulatory (PCI/SOX/TSA) control database, inventorying control ownership, control objectives, and testing objectives.
Support and drive remediation processes to address issues identified in security assessments, control reviews, audits, and/or other assessments.
Support key operations of due diligence, on-going monitoring, and risk exception/waiver management.
Support the delivery of risk metrics that measure overall cybersecurity risk exposure, and work with key stakeholders to define target thresholds, and report on results.
Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cybersecurity and Data Governance program initiatives.
Support in the execution of the general data privacy assessment processes (including third-party assessments), internal control reviews, and risk assessments to monitor compliance with IT and cybersecurity policies/standards.
Demonstrate and apply knowledge of privacy and data protection regulation and laws to the environment, such as the CCPA, GDPR, CPRA, HIPAA, GLBA, and CDPA.
Support development and dissemination of cybersecurity training and awareness for organizational users, administrators, and developers.
Assist in the management and maintenance of the enterprise-wide Cybersecurity Awareness Program which includes phishing simulations, computer-based training, proactive communications on latest threats, workshops, bulletins, and newsletters.
Support controls required pre-contracting with vendors, contractors, and/or suppliers, as well as post-contract from an ongoing monitoring perspective.
Perform assessments on our Third Parties, aimed at reducing organizational risk from a cybersecurity perspective.
Support the delivery of relevant and actionable reporting/presentations to stakeholders and executive management.
Monitor and review regulatory updates and issues relative to pertinent security regulatory requirements (such as CCPA, TSA, PCI, and SOX) and escalate findings appropriately.
Performs other related duties as assigned.

Qualifications
Bachelor's degree required in either: Business, Finance, Computer Science, Engineering, IT, or similar field.
3+ years' experience in vendor risk management, IT risk management, and/or data privacy role.
2+ years' experience working in a GRC analyst, IT audit, IT compliance, and/or controls assurance role.
Ability to develop policies, standards, and procedures in compliance with laws, regulations, and industry best practices in support of organizational cyber activities.

Preferred, but not required:
Experience with the airline industry a plus.
Hold an active GRC certification, such as CISSP, CISA, CISM, CRISC, CRMA, or GIAC.
Big-4 accounting firm experience is a plus.
Knowledge