IT Security and Compliance Analyst

Job Description:

The IT Security & Compliance Analyst supports and operationalizes the organizations global information security and compliance program in support of missioncritical safetysensitive and highly regulated aviation operations. The role focuses on improving security operations vulnerability management audit readiness identity governance thirdparty risk management and overall security maturity across global IT environments.

Working closely with Infrastructure & Operations Applications and business stakeholders the Analyst helps reduce enterprise risk strengthen regulatory compliance and ensure security controls are effective repeatable and defensible.

PRINCIPAL RESPONSIBILITIES:

Security Operations & Incident Response

• Monitor analyze and investigate security events using SIEM EDR email cloud and endpoint security tools.
• Coordinate incident response activities including containment eradication recovery and postincident reviews.
• Maintain and improve incident response playbooks and track response metrics and corrective actions.

Vulnerability Management & Risk Reduction

• Coordinate vulnerability scanning and validation across infrastructure endpoint cloud and application environments.
• Prioritize vulnerabilities based on severity asset criticality and exploitability.
• Track remediation SLAs exceptions and risk acceptances; report status and trends to stakeholders.

Identity Access & Security Controls

• Support onpremises and cloud identity platforms and secure authentication controls.
• Assist with joiner/mover/leaver processes access reviews and privileged access governance.
• Support enforcement of MFA conditional access and leastprivilege principles.

Compliance Audit & Continuous Readiness

• Support internal and external audits including SOX ITGC ISO 27001 NIST CSF NIST 800-171 and contractual requirements.
• Maintain audit evidence control documentation and test artifacts.
• Support proactive control monitoring to reduce repeat audit findings.
• Assist with regulatory readiness including aviationspecific security requirements (e.g. EASA PartIS).

ThirdParty & Supplier Security

• Support supplier security due diligence including questionnaires and review of SOC and ISO artifacts.
• Track vendor remediation actions and reassessment schedules for higherrisk suppliers.
• Partner with Procurement and Legal to support security obligations in vendor contracts.

Resilience Business Continuity & Awareness

• Support IT emergency response disaster recovery and business continuity planning and exercises.
• Assist with security awareness initiatives and targeted training programs.

PERSON SPECIFICATION: (minimum education requirements key skills and experience)

Qualifications:

• Bachelors degree in Computer Science Information Technology or equivalent professional experience.
• Security or auditrelated certifications preferred (CISSP CISM CISA Security SSCP).

Experience:

• 3 years of experience in cybersecurity operations compliance vulnerability management or audit support.
• Practical experience supporting incident response vulnerability remediation and audit evidence production.
• Experience working with thirdparty service providers and regulated environments is desirable.

Skills:

• Strong understanding of information security controls and operational risk management.
• Ability to translate security findings into clear remediation actions.
• Strong documentation analytical and stakeholder communication skills.
• Comfortable operating in regulated missioncritical operational environments.

Bristow Group is an Equal Opportunity Employer all qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin disability or status as a protected veteran.