Delta Air Lines
Senior Security Analyst, Governance, Risk and Compliance
Pay: Competitive
Location: Minneapolis/Minnesota
Employment type: Full-Time
This job is now closed
Job Description
- Req#: 21255
How you'll help us Keep Climbing (overview & key responsibilities)
The Senior Security Analyst, Governance, Risk and Compliance is someone who, when asked to do the impossible, responds with a grin -- "Bring it on!" You want a job, not because it is easy, but because you get to drive real transformational change. You are someone who is passionate about identifying, communicating, and reducing risk. For you, Information Security is a passion and not just a job! This position can be located in Atlanta, GA or Minneapolis, MN.
Delta Information Security Governance Risk and Compliance (ISGRC) is leading the effort to mature Delta’s growing Information Security practice. The team is actively working to implement a controls focused mindset, shift our approach from a compliance focus to a risk focus, and establish meaningful metrics to truly measure enterprise risk and the effectiveness of the Information Security practice. We partner closely with others in the Information Technology Division to drive aligned results. We have the opportunity to mobilize meaningful change through a well-established, well-respected company leading the Aviation industry.
Responsibilities:
* Key team player in driving regulatory engagements lifecycle such as SOX, PCI, Department of Defense (DoD) assessments, and more
* Lead the identification, collection, organization, and review of pertinent evidence across multiple platforms and applications to determine compliance with relevant industry and regulatory requirements (SOX, PCI, CRAF, CMMC, DCMA, etc.)
* Schedule and lead technical interviews with various stakeholders and leadership
* Write detailed findings, remediation plans, and obtain supporting documentation
* Evaluate, quantify, and communicate risk across the compliance, internal controls, and cyber domains
* Engage with partners in Information Security, Information Technology, and lines of business to ensure we are in compliance with Delta Information Security policy, standards, and regulatory/statutory requirements
* Consult with stakeholders on recommendations for business, technical, and compliance issues and act as primary point of contact for the life cycle of engagements
* Coordinate with internal and external audit teams, as needed, to fulfill regulatory/statutory requirements and obligations
* Anticipate organizational impacts & understand risk associated with introducing new technologies or processes
* Perform a variety of GRC tasks, and lead special projects as assigned, while effectively managing time with competing priorities
Benefits and Perks to Help You Keep Climbing
Our culture is rooted in a shared dedication to living our values – Care, Integrity, Resilience, Servant Leadership, and Teamwork – every day, in everything we do. At Delta, our people are our success. At the heart of what we offer is our focus on Sharing Success with Delta employees. Exploring a career at Delta gives you a chance to see the world while earning great compensation and benefits to help you keep climbing along the way:
* Competitive salary, industry-leading profit sharing program, and performance incentives
* 401(k) with generous company contributions up to 9%
* Paid time off including vacation, holidays, paid personal time, maternity and parental leave
* Comprehensive health benefits including medical, dental, vision, short/long term disability and life benefits
* Family care assistance through fertility support, surrogacy and adoption assistance, lactation support, subsidized back-up care, and programs that help with loved ones in all stages
* Holistic Wellbeing programs to support physical, emotional, social, and financial health, including access to an employee assistance program offering support for you and anyone in your household, free financial coaching, and extensive resources supporting mental health
* Domestic and International space-available flight privileges for employees and eligible family members
* Career development programs to achieve your long-term career goals
* World-wide partnerships to engage in community service and innovative goals created to focus on sustainability and reducing our carbon footprint
* Business Resource Groups created to connect employees with common interests to promote inclusion, provide perspective and help implement strategies
* Recognition rewards and awards through the platform Unstoppable Together
* Access to over 500 discounts, specialty savings and voluntary benefits through Deltaperks such as car and hotel rentals and auto, home, and pet insurance, legal services, and childcare
What you need to succeed (minimum qualifications)
* High-level of technical expertise required
* Strong experience working with Microsoft Excel, SharePoint, GRC tools, etc.
* Minimum of 6 years’ work experience in IT audit and assurance in one or more of the following frameworks: PCI-DSS, SOX, NIST 800-171, NIST 800-53, CIS
* Consulting experience with a public accounting firm working on audit and compliance assessments in large enterprise landscapes
* Excellent organizational and time management skills
* Ability to interact confidently with various levels of technical and leadership positions
* Exceptional written and verbal communication skills with a demonstrated ability to develop and maintain relationships
* Requires self-starters who work well within a largely self-directed environment
* Consistently prioritizes safety and security of self, others, and personal data.
* Embraces diverse people, thinking, and styles.
* Possesses a high school diploma, GED, or high school equivalency.
* Is at least 18 years of age and has authorization to work in the United States.
What will give you a competitive edge (preferred qualifications)
* Bachelor’s or master’s degree in Cybersecurity, Computer Science, Mathematics, Engineering, Information Systems, or equivalent
* Key industry certifications such as CISSP, QSA, PCIP, CISA, CRISC, CISM, CEH, etc.
* Advanced understanding of internal auditing, GAAP, PCAOB standards, SOX, and the COSO Framework.
* Experienced in leading audit and compliance assessments for SOX, PCI, CMMC, CRAF, or DCMA and ability to consult with IT stakeholders on potential remediation or risk mitigation strategies if needed
* Advanced security and architecture experience in industry leading cloud computing platforms
* Ability to read and interpret basic Python code
* Experience in developing executive presentations or status communications for multiple organization roles.
* Experience across Information Security and IT domains such as Governance, Risk, and Compliance, IT operations, incident response, identity and access management, penetration testing, vulnerability scanning, e-discovery & forensics, application development, infrastructure, or technical support
* A history of driving transformational change
About the company
Delta Air Lines, Inc., typically referred to as Delta, is one of the major airlines of the United States and a legacy carrier.