Dallas Fort Worth International Airport (DFW)
Senior IT Compliance Analyst
Dallas Fort Worth International Airport (DFW), Fort Worth, Texas, United States, 76102
Job Overview
Under supervision of the Senior Information Security Manager, works with the Technology Security and Compliance team to meet regulatory requirements and Board policies, protect the Board’s information assets and ensure continued compliance.
Principal Duties and Responsibilities
Partner with senior management to improve the internal IT control framework, including integration of multiple compliance requirements and standards such as PCI-DSS, CJIS and TSA’s Cyber and IT security through the Airport Security Program (ASP) across all existing and new enterprise applications, services, networks and users.
Track internal and external control assessments, vulnerability reports, penetration reports, ASV scans, CJIS audits, internal and external audits, including remediation efforts.
Partner with various IT groups and DFW departments to meet agreed upon timelines to address security risks in a timely fashion.
Participate in regulatory compliance processes across the enterprise.
Interact with various business and IT groups to review, assess, and monitor compliance with various programs such as CJIS, PCI and HIPAA.
Support the development, maintenance and updating of information security policies, processes and procedures.
Assist in identifying and reporting risk areas and compliance issues to IT management, recommend cost effective remediation actions and continuously improve the control environment.
Partner with the ITS Project Management Office (PMO) to create managed work and projects around cyber and IT security compliance efforts.
Partner with departments and application owners to proactively coordinate the creation and collection of required disaster recovery planning prerequisites (Risk Assessments, BIAs, Run Books, Diagrams, Assets, Resources, Dependencies and Test Plans).
Minimum Requirements
Bachelor's degree in computer science, business administration or related field.
Five (5) years of experience in risk management, governance, information technology or compliance.
Experience with PCI compliance and Disaster Recovery Plan development, testing and maintenance.
Experience using and/or administering a Governance, Risk, and Compliance (GRC) enterprise platform and Disaster Recovery Assurance Application.
Experience using Security-related (vulnerability, SSL tracking, etc.) platforms to gather information for compliance reporting.
Any equivalent combination of education and/or experience may be substituted for the above on a year-for-year basis.
Possession of a valid class C driver's license.
Required Knowledge, Skills, and Abilities
Knowledge and experience in reviewing third-party security reports (SOC 1 & 2)
Knowledge of CIS Version 7 or 8, NIST Cybersecurity Framework and Shared Assessments
Knowledge of information security concepts, standards, frameworks and best practices
Knowledge of principles and procedures involved in handling sensitive data
Knowledge of Single Sign-On (SSO), Multifactor Authentication (MFA), Privileged Access Management (PAM) and Encryption
Ability to communicate clearly and effectively, both orally and in writing, at all levels within and outside the organization
Ability to establish and maintain effective working relationships inside and outside the organization
Ability to evaluate and recommend preventative and corrective controls to mitigate risk to the Airport Board
Strong organization skills with the ability to handle multiple work streams
Skill in project management, problem-solving and conflict resolution
Skill in all Microsoft 365 solutions, PowerBI reporting, and DocuSign
High integrity and business ethics
Special Requirements
Must obtain a Security Identification Display Area (SIDA) Airport Identification/Access Badge (badge) in accordance with Department of Homeland Security Transportation Security Administration (TSA) requirements within thirty (30) days from date of employment and maintain qualification for a SIDA badge upon each badge renewal.
Desirable
Ability to work efficiently and independently with minimum supervision (self-motivated and willing to stretch to meet important deadlines).
General knowledge of CIS, ISO 27001, NIST 800-53 and other control frameworks.
Familiarity with GRC and Data Protection Tools.
Security certifications such as CIPP, CISA or others.
Business acumen to consider the implications of Information Security and Compliance to the current and future environment.
About Us
Dallas Fort Worth International Airport (DFW) is one of the most successful airports in the world by any definition. Recognized for its innovation, leadership, drive for excellence, and talented employees, DFW is dedicated to providing an exceptional customer experience and connecting our community to the world. We are looking for the best talent to join us and help reimagine what an airport can be. Bring your talents to DFW. Live and work with purpose.
Job Details
Seniority level: Mid-senior level
Employment type: Full-time
Job function: Information Technology
Industry: Airlines and Aviation