GRC Analyst

Dallas, Texas

Futran Tech Solutions Pvt. Ltd.

Full Time

Dallas, TX - Hybrid

FOCUS

• Ensure that the communications systems relied upon for our ANSP Program are secure, with concentrated attention on risk, governance, vulnerability management, policies, and standards.

RESPONSIBILITIES

• Develop and implement security policies and standards, ensuring compliance with industry regulations and best practices.

• Conduct risk assessments and vulnerability assessments to identify and mitigate security risks.

• Manage the vulnerability management program, including vulnerability scanning, penetration testing, and remediation.

• Develop and deliver security awareness training programs.

• Collaborate with stakeholders to integrate security considerations into the design and development of new aviation systems.

• Stay informed about emerging threats and vulnerabilities in the aviation industry.

SKILLS

• Cybersecurity Risk & Governance Expertise: Requires 3-5 years of progressive cybersecurity engineering experience with a deep understanding of risk management frameworks (NIST SP 800-37, ISO 27005), governance principles, vulnerability management, and security policy development.

• Risk Assessment & Mitigation: Proven experience conducting risk assessments (NIST 800-30, NIST CSF), identifying vulnerabilities, analyzing threats, and developing effective mitigation strategies.

• Vulnerability Management Program Expertise: Expertise in vulnerability management tools and processes, including vulnerability scanning, penetration testing coordination, vulnerability prioritization, and remediation tracking.

• Policy & Standard Development & Implementation: Strong ability to develop, document, and implement security policies, standards, and procedures that align with industry best practices, regulatory requirements, and risk tolerance.

• Communication & Stakeholder Collaboration: Excellent communication (written and verbal) and interpersonal skills to effectively communicate security risks, governance strategies, and policy recommendations to diverse stakeholders, including technical teams, management, and external partners.

PREFERRED CERTIFICATIONS

• CISSP (Certified Information Systems Security Professional)

• CISM (Certified Information Security Manager)

• CISA (Certified Information Systems Auditor)

• CRISC (Certified in Risk and Information Systems Control)

• CompTIA Security+

TOOLS AND TECHNOLOGIES

• Risk Management Frameworks: (e.g., NIST RMF, NIST CSF, ISO 27005)

• Risk Assessment Methodologies: (e.g., NIST 800-30, Threat Modeling)

• GRC Platforms: (e.g., ServiceNow GRC, RSA Archer)

• Vulnerability Management Tools: (e.g., Tenable Nessus, Tanium)

• Penetration Testing Understanding: (Familiarity with tools & methodologies for report interpretation)

• Policy & Collaboration Tools: (e.g., SharePoint, Microsoft Teams, Policy Management Platforms)

Surrounding team/key projects:

• Develop and implement a Cybersecurity Risk Management Framework for ANSP Ground Systems (Based on NIST RMF or ISO 27005)

• Establish and mature vulnerability management program for aircraft ground infrastructure

• Develop and deploy a suite of Security Policies and Standards for Aviation System Development Lifecycle (SDLC)

• Conduct a comprehensive Cybersecurity Risk Assessment of Critical Aviation Ground Systems using NIST 800-30

• Develop and deliver targeted Security Awareness Training for Aviation Operations Personnel on a Specific Risk Area

Date Posted: 27 March 2025