Staff Risk Analyst
GE Aerospace
Position Type: Permanent
Job Description:
Job Description Summary
As a staff risk analyst, you will work on control monitoring process improvements and ensure regulatory controls are met for in-scope applications, users and systems. You will drive day-to-day analysis of gaps in control adherence, ensuring that the SOPs are updated and followed and that applications (OS, DB, App) follow all the regulatory controls around identity and access management use cases. You will partner with IT controllership, finance controllership, internal audit and external audit, as well as DT system owners, to ensure proper governance and adherence are in place.
Job Description
Essential Responsibilities:
- Collaborate with stakeholders and senior team members on reporting and on preparing documentation for internal audits and SOX requirements, collecting or gathering artifacts as needed for internal and external audits as they relate to regulatory audit requirements.
- Collaborate with internal SOX and GRC teams to define current and future quarterly SOX scope.
- You will also support knowledge transfer with the objective of providing value-adding consulting solutions that enable our clients to meet the changing needs of the global landscape.
- Help scope, design, implement, continually evaluate, and improve clients' Identity and Access Management controls in relation to regulatory requirements such as SOX and CMMC.
- Work closely with internal stakeholders to help them understand controls for their systems and provide recommendations and guidance for implementation and operation.
- Perform internal control assessments and assist with continuous monitoring activities and help remediate any control deficiencies or findings.
- Help plan and manage external audits and assessments, including meeting with internal stakeholders to prepare, coordinating walkthroughs, providing evidence to external auditors, and responding to findings and recommendations.
- Assist with ongoing SOX related functions, such as performing vendor reviews, user access reviews and risk assessments.
- Participate in audit, risk and compliance assessments of Identity and Access Management (IAM) activities.
- Serve as a key IAM audit and compliance contact, explaining the internal assessment processes and scope, keeping IAM management apprised of key IAM risks and issues, and effectively delivering assessment results to the Identity Products VP.
- Assist in the design and drive the execution of IAM audit readiness efforts and key advisory reviews performed by our IAM compliance team.
- Process Joiner, Mover, Leaver (JML) requests and User Access Revalidation (UAR) activities as per predefined procedures and within agreed Service Level Agreements (SLAs), resolve problem tickets and assist other security analysts as needed.
- Participate in planning, scoping, and driving the execution of IAM related assessments and advisory reviews.
- Assess the design and operating effectiveness of complex IAM areas/controls, including the performance of detailed walkthroughs with IAM Subject Matter Experts.
- Provide recommendations that improve the design, effectiveness, and efficiency of IAM controls or processes.
- Produce detailed IAM controls design and operating effectiveness testing related work papers that can be shared with internal and external auditors.
- Assess audit findings/gaps, including control weaknesses, with an appropriate degree of professional skepticism, seeking to fully understand risks to the firm.
- Assist IAM delivery leaders with the development and the implementation of Management Action Plans to mitigate weaknesses, providing thought leadership on the appropriateness of the Plan.
- Provide IAM control consulting and advisory services to management to assist in redesign efforts that improve the IAM control environment.
- Promote new ideas and new ways of executing projects and internal infrastructure enhancements.
- Partner with key business stakeholders with relevant IAM Processes to improve the IAM compliance posture.
- Identify automation opportunities and assist in creating scripts to automate and streamline existing access management controls.
- Provide support for our daily, weekly, quarterly, and yearly SOX compliance.
- Architect, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise.
- Use monitoring, detection, incident response and automation to proactively support ongoing security operations in an enterprise environment. This includes the ability to code monitoring and automation scripts.
- Apply security practices to cloud, on-premises, endpoint and mobile infrastructure while considering the impact of governance, risk and compliance requirements throughout the enterprise.
Qualifications/Requirements:
- Bachelor’s degree in Engineering from an accredited university or college with a minimum of 5 years of professional experience.
- Coding experience is a must have.
Desired Characteristics:
Technical Expertise:
- Understanding of various directory structures and configurations (LDAP, Active Directory, etc.).
- Working knowledge of APIs or other forms of application integrations.
- Understanding of cloud hosting and processes (AWS and Azure – basic knowledge is a must)
- Extensive knowledge of Identity Management technologies such as Okta, Ping, Oracle, ForgeRock.
- Understanding of PCI, SOX, HIPAA, EU-GDPR regulations for IAM.
- Working knowledge or better of industry standard IGA tools such as SailPoint, Saviynt and/or Sun/Oracle.
- Advanced knowledge and experience with the Microsoft Directory Stack and Azure and supporting components.
- General understanding of SOX, HIPAA and/or other global data regulations.
- Working knowledge of PowerShell.
- Experience with Mergers and Divestitures preferred.
- Strong troubleshooting and root cause analysis experience
- Recognizes patterns and complexity in problems. Extracts decomposition algorithms, and strategically plans how to execute programs by understanding how best to decompose to expose / protect against risk.
- Thorough knowledge of Software Development Life Cycle principles.
- Strong analytical and strong problem-solving skills. Communicates in a clear and succinct manner and effectively evaluates information / data to make decisions, anticipates obstacles and develops plans to resolve, creates actionable strategies and operational plans.
- Change oriented – actively generates process improvements, champions and drives change initiatives, confronts difficult circumstances in creative ways, balances multiple and competing priorities and executes accordingly.
- Certification/experience with cloud is a big plus.
Leadership:
- Proactively identifies and removes obstacles or barriers on behalf of the team.
- Defines immediate priorities to help the team focus and deliver critical initiatives.
Personal Attributes:
- Energetic and self-motivated individual with ability to work effectively and cooperatively in a complex organization.
- Uses critical thinking skills and disciplined approaches to help leaders and leadership teams resolve issues and define solutions.
- Influences and energizes others toward the common vision and goal in the face of unfavorable odds and setbacks.
- Able to work under minimal supervision.
Additional Information
Relocation Assistance Provided: No
Job Ident #: R3746263