Lead Governance, Risk, and Compliance (GRC) Specialist

Company:

Overview

As a leading global aerospace company Boeing develops manufactures and services commercial airplanes defense products and space systems for customers in more than 150 countries. As a top U.S. exporter the company leverages the talents of a global supplier base to advance economic opportunity sustainability and community impact. Boeings team is committed to innovating for the future leading with sustainability and cultivating a culture based on the companys core values of safety quality and integrity.

Technology for today and tomorrow

The Boeing India Engineering & Technology Center (BIETC) is a 5500 engineering workforce that contributes to global aerospace growth. Our engineers deliver cutting-edge R&D innovation and high-quality engineering work in global markets leveraging new-age technologies such as AI/ML IIoT Cloud Model-Based Engineering and Additive Manufacturing shaping the future of aerospace.

People-driven culture

At Boeing we believe creativity and innovation thrive when every employee is trusted empowered and has the flexibility to choose grow learn and explore. We offer variable arrangements depending upon business and customer needs and professional pursuits that offer greater flexibility in the way our people work. We also believe that collaboration frequent team engagements and face-to-face meetings bring together different perspectives and thoughts enabling every voice to be heard and every perspective to be respected. No matter where or how our teammates work we are committed to positively shaping peoples careers and being thoughtful about employee wellbeing.

With us you can create and contribute to what matters most in your career community country and world. Join us in powering the progress of global aerospace.

Jeppesen is seeking an Lead Governance Risk and Compliance (GRC) Specialist . This position will be based in Bangalore India. The GRC Specialist role is a multifaceted role performing a host of compliance duties in support of the Jeppesen aviation software business. Additionally this role will work in support of compliance in a variety of national and international frameworks ensuring that Jeppesen meets and exceeds minimum risk and compliance with security controls supporting these frameworks. This role will supplement GRC Compliance Specialists GRC Risk Management Specialists and ISMS owners. This role will focus on defining quantitating and developing materials such as Plan of Action & Milestone(s) (POA&M) to mitigate and resolve risks across Jeppesen. This role must see broader impacts of risks and be capable of relating risks to key stakeholders. This role will work with risks on different levels from a technical product and vulnerability perspective to a more holistic organizational view. The role will also support compliance efforts by assisting in analyzing security practices and controls for the various frameworks analyze Jeppesens current state analyze the deficiencies between current Jeppesen state and implementation of controls determine corrective measures to address deficiencies plan appropriate steps to implement corrections track the implementation of corrective actions and provide internal self-audits of both processes and operational implementation of the controls. This role works across the organization and is expected to communicate effectively with leadership operations and development in ensuring that Jeppesen establishes and maintains a world-class compliance team.

Domestic and international travel may be required to support audit and compliance efforts at Jeppesen locations in the US and worldwide. This is not estimated to be more than 15% of the employees time.

Position Responsibilities

• Communicate with groups from C-Level Executives to operations and development

• Willingness to speak truth on security compliance regardless of audience; the role must be willing to express deficiencies when deficiencies exist

• Understand compliance frameworks and how they interrelate in terms of controls

• Decompose security controls into actionable requirements

• Define write and formally document policies standards procedures guidelines and baselines

• Test policies standards procedures guidelines and baselines for compliance to security frameworks

• Determine non-compliance and/or deficiencies between control expectations and current implementation including ability to provide guidance to fully meet intention of the security control

• Analyze schedule and budgets to determine if tasks are achievable

• Understands risk management including business risk management operational risk management and development risk management

• Problem solver; a desire to see problems as challenges to be resolved

• Continue to learn and improve skills through both JEPPESEN provided training and self-training

Basic Qualifications (Required Skills/Experience):

• Ability to quickly change from one task to another

• Ability to work in a team and independently as needed by task

• A minimum of 3 years of experience working in compliance and/or auditor role in a highly regulated environment

• Experience working cross-functional teams providing guidance and improvements

• Experience in vulnerability management patch management or similar

• Experience in at least one of the following security frameworks: NIST ISO 27001 CMMC 2.0 COBIT Cyber Essentials etc.

Preferred Qualifications:

• Bachelors degree or similar level of experience in a technical field

• Security or compliance certification such as CISSP CISA CISM CCP CCA ISO 27001 Auditor etc.

• Ability to effectively discuss security frameworks in detail in how compliance works to shape a business and/or business unit

• Ability to take non-specific technical controls and data and relate them to technical implementations

• Experience working in Change Control Boards (CCBs) or other oversight groups

• Experience auditing businesses business units or teams for compliance to a security framework

• Experience in regulations such as GDPR HIPAA FISMA etc.

• Experience in technical roles such as security operations boundary defense vulnerability management

Typical Education & Experience:

• Bachelors degree or higher in Computer Science Information Technology or a related field with 12 years of relevant work experience. Masters degree with 11 years experience.

Relocation:

• This position offers relocation based on candidate eligibility.

Language Requirements:

Education:

Relocation:

Security Clearance:

Visa Sponsorship:

Contingent Upon Award Program

Shift: