Senior Manager of Governance, Risk & Compliance (GRC)

Company:

About Us:

We are a premier global aviation software company dedicated to delivering innovative solutions that shape the future of flight. Our technology supports critical operations worldwide from flight navigation to crew planning and optimization. Join our passionate team as we navigate the complexities of an evolving industry ensuring the security and integrity of our products and services.

We are seeking an experienced and highly motivated Senior Manager of Governance Risk & Compliance (GRC) L level to lead our GRC function within our newly integrated Security organization in a remote US position. This is a critical leadership role where you will be instrumental in shaping and maturing our cybersecurity posture using modern approaches. You will navigate the complexities of protecting critical data across a diverse technology landscape encompassing both modern cloud platforms and legacy systems on a global scale.

Your primary focus will be on establishing a robust security governance framework effectively managing information risk and ensuring demonstrable compliance with a wide array of international cybersecurity standards (including mandatory adherence to ISO 27001 and CMMC requirements) global data privacy laws and other relevant frameworks. You will champion cybersecurity resilience and also ensure adherence to vital aviation safety standards (e.g. FAA/EASA requirements) and airworthiness security standards (e.g. DO326/DO356 support) recognizing the critical link between data integrity availability and flight safety.

This role requires a strategic thinker who can manage a diverse Security Compliance Portfolio balancing adherence to various critical standards and regulations. You will be essential in building a robust and efficient Security organization that enables our business objectives fosters a culture of security and trust across our global operations and effectively communicates our security posture to key airline customers.

Position Responsibilities:

• Lead the GRC team in developing maintaining and communicating enterprisewide security policies standards and procedures with a clear focus on current and emerging global cybersecurity threats and best practices.

• Establish manage and mature the security risk management program including conducting comprehensive enterprise cybersecurity risk assessments overseeing ThirdParty Risk Management (TPRM) and maintaining a unified risk register.

• Drive the implementation ongoing management certification and continuous improvement of the Information Security Management System (ISMS) based on ISO 27001.

• Ensure and demonstrate compliance with a complex portfolio of relevant cybersecurity regulations and standards (e.g. ISO 27001 CMMC NIST CSF) and major global privacy regulations (e.g. GDPR CCPA and other international frameworks).

• Support and ensure adherence to applicable aviation data standards (e.g. FAA LOA EASA DAT DO200B) and airworthiness security standards (DO326/DO356 support).

• Manage and coordinate internal and external security and compliance audits (regulatory customer certification) driving remediation efforts and continuous improvement.

• Champion and integrate modern GRC methodologies including automated governance tools and policy as code principles to enhance efficiency and effectiveness.

• Develop deliver and champion a comprehensive security awareness and training program for all employees to foster a strong securityconscious culture.

• Define data classification standards and associated handling requirements to protect sensitive corporate and customer information.

• Harmonize disparate policy sets and standardize risk management and compliance monitoring methodologies across integrated Jeppesen and Foreflight entities.

• Develop and manage an airline customer security assurance program acting as a key liaison to address their security inquiries articulate our security posture and map internal (e.g. Jeppesen Foreflight) product and service risks to customerrelevant risks.

• Provide expert guidance to business and technology stakeholders on cybersecurity risks introduced by business and operational changes.

• Liaise effectively with Legal Privacy Office regulators (e.g. FAA EASA and other global authorities) auditors and other internal stakeholders on all GRC matters.

• Oversee processes for managing data subject rights requests in accordance with applicable global privacy laws.

• Contribute to the continuous improvement of the overall cybersecurity program through robust measurement metrics and reporting to senior leadership.

Key Objectives & Performance Indicators (Examples):

• Achieve and maintain demonstrable compliance with key cybersecurity (including ISO 27001 CMMC) privacy and aviation regulations evidenced by positive audit results and minimal regulatory findings.

• Timely development approval and adoption of harmonized security policies and standards across the integrated Jeppesen and Foreflight entities.

• Demonstrable effectiveness of the risk management program including the use of modern tools and techniques.

• Successful management and coordination of internal and external audits with quantifiable improvement in audit findings and posture over time.

• Measurable improvements in employee security awareness and engagement across the organization.

• Successful maintenance and continual improvement of the ISO 27001 certified ISMS and adherence to CMMC requirements where applicable.

• Positive feedback and strengthened relationships with airline customers regarding security assurance.

Join Our Team:

If you are a GRC leader passionate about cybersecurity experienced in global compliance and ready to take on a strategic role in a complex and exciting industry we encourage you to apply!

Basic Qualifications (Required Skills/Experience):

• A minimum of 1015 years of significant professional experience in information security or IT with at least 5 years in a GRC leadership or managerial capacity within a global organization.

• Required deep expertise in cybersecurity governance risk management and compliance with mandatory proven experience implementing managing and achieving/maintaining certification for Information Security Management Systems (ISMS) based on ISO 27001.

• Required demonstrable experience with the Cybersecurity Maturity Model Certification (CMMC) framework (and supporting standards like NIST SP 800171) and its application in relevant environments.

• Strong understanding and practical experience with enterprise risk management methodologies and prominent cybersecurity frameworks (e.g. NIST CSF NIST SP 80053).

• Proven experience in developing implementing and enforcing effective security policies standards and procedures in a complex global organization.

• Indepth knowledge of and experience applying major global data privacy regulations including but not limited to GDPR CCPA and an understanding of the broader international privacy landscape.

• Experience with or strong understanding of modern GRC technology automated governance tools and policy as code concepts.

• Experience managing comprehensive compliance programs and coordinating diverse audits (regulatory customer certification).

• Familiarity with aviationspecific regulations and standards (e.g. DO326/DO356/DO200B set FAA EASA requirements) is a strong asset.

• Experience with vendor risk management processes including the use of security assessment questionnaires and negotiating contractual security requirements.

• Demonstrated ability to develop and deliver engaging and effective security awareness and training programs that drive behavioral change.

• Excellent written and verbal communication skills with the proficiency to articulate complex GRC concepts clearly and persuasively to diverse global audiences including executive leadership and key customers.

• Relevant professional certifications such as CISSP CISM CISA CRISC or similar are highly preferred.

• Experience working in a highly regulated industry preferably aviation or finance is a significant advantage.

Drug Free Workplace:

Boeing is a Drug Free Workplace where post offer applicants and employees are subject to testing for marijuana cocaine opioids amphetamines PCP and alcohol when criteria is met as outlined in our policies.

Pay & Benefits:

At Boeing we strive to deliver a Total Rewards package that will attract engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities.

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs generally including health insurance flexible spending accounts health savings accounts retirement savings plans life and disability insurance programs and a number of programs that provide for both paid and unpaid time away from work.

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location date of hire and the applicability of collective bargaining agreements.

Pay is based upon candidate experience and qualifications as well as market and business considerations.

Summary Pay Range: $161500.00$218500.00

Language Requirements:

Education:

Relocation:

Export Control Requirement:

Safety Sensitive:

Security Clearance:

Visa Sponsorship:

Contingent Upon Award Program

Shift:

Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website. Learn how to protect yourself from recruitment fraud Recruitment Fraud Warning