Sr Analyst, IT Security Compliance

Full job description

Overview:

At Spirit, our mission is to deliver the best value in the sky and be the most successful airline on Earth! We are leaders in providing customizable travel options and make it possible for our Guests to venture further and discover more than ever before by serving destinations throughout the U.S., Latin America, and the Caribbean! Imagine making your mark on an organization introducing 100’s of new aircraft that will double our fleet!

• Fly With A Winner: We are proud to be recognized by LinkedIn as a Top Company in the Travel & Hospitality industry. Our constant growth and improvement mean boundless career opportunities. Team Members develop their careers rapidly while building key skills that drive long-term success.
• The Giving Spirit: We are committed to inspiring positive change in the cities where we work and live. That starts with giving back through Corporate Social Responsibility and The Spirit Airlines Charitable Foundation.
• Be Yourself: We want Team Members to feel empowered to bring their whole self to work and contribute to our success – that’s why we’re committed to building progress in the areas of Diversity, Equity, Inclusion and Belonging. Our Spirit Family is strong, not despite our differences, but because of them.
• Travel The World: We offer competitive base salaries with robust health & welfare benefits, including travel & flight benefits for you and your family.

Responsibilities:

Job Summary

The Sr. IT Security Compliance Analyst will be responsible for day-to-day activities in implementing the information security governance, risk, and compliance program. The individual will assist in maintaining audit and compliance initiatives to ensure policies, standards, procedures, and audit activities are in alignment with business, IT, and regulatory requirements including but not limited to SOX and PCI. Success in the role will be measured by the effectiveness of the implementation and operation of information security governance, risk, and compliance directives.

Responsibilities

• Identify, collect, organize, and review pertinent evidence such as user access reviews across multiple platforms and applications to determine compliance with relevant regulatory controls.
• Coordinate the internal and external SOX/PCI audits for IT.
• Acts as a liaison between Auditors and IT by coordinating requests for information and by coordinating responses to any observations.
• Establish and maintain security & controls, policies, and procedures in accordance with applicable regulations.
• Research new security compliance requirements and assist in the evaluation of compliance control requirements.
• Establish and report technology risk related metrics.
• Schedule and lead technical interviews with various stakeholders and leadership.
• Write detailed findings, remediation plans, and obtain supporting documentation.
• Ensures compliance with applicable information security standards and policies.
• Provide IT management guidance as to how to re-mediate pertinent action items to ensure ongoing compliance.
• Conduct and evaluate risk assessments for all kind of assets and entities including third parties.
• Effectively manages internal and external audit requests.
• Ensures timely delivery of completed user access reviews, respective remediation plans and actions.
• Ensures assets related findings are mitigated with appropriate controls.

Qualifications:

Education

o Bachelor’s degree or equivalent experience (indicate specific field, if required)

Experience

o 10+ years’ experience in IT audit, Information Security, and IT domains such as Governance, Risk, and Compliance (GRC), IT operations, incident response, identity and access management, penetration testing, vulnerability testing, e-discovery & forensics, application development, infrastructure, technical support, or business

o Previous experience in implementing and utilizing a GRC tool.

o Previous Identity and Access Management experience is a plus.

Certifications

o One or more of the following CISSP, CGRC, CISA, CRISC preferred

Specialized Skills & Competencies

• Working knowledge of how to apply information security frameworks such as NIST and ISO within an organization.
• Working knowledge of how to apply risk management frameworks within Information Security and the broader technology environment.
• Excellent written and verbal communication skills.
• Strong experience working with productivity tools such as MS Office
• Ability to interact confidently with various levels of technical and management positions.
• Possess a broad knowledge of technology operation group requirements and activities.
• Must be able to translate theoretical requirements into applicable policies and standards.
• Critical thinker
• Must be able to provide multiple solutions to complex problems – problem solver.

Other Job Requirements

o Onsite

• 
  Travel

o No travel required

• 
  Physical Effort

o Exerts up to 10 lbs. of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects, including the human body. involves sitting most of the time but may involve walking or standing for brief periods of time.

EEOC Statement:

Spirit Airlines is an Equal Employment Opportunity employer. All aspects of employment are governed on the basis of merit, competence and qualifications without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or any other category protected by federal, state, or local law.