A career with CAES is more than just a job; it is the pathway to a bright future.
Are you searching for a career with a company that offers challenging, diverse projects and opportunities? Are you looking for a position with a company that is growing and able to offer long-term professional advancement? Searching for a company that values a friendly work environment and that values YOU? Then look no further!! Consider Cobham. #peoplefocusedmissiondriven #everymissionmatters
CAES is seeking a hands-on, highly motivated Governance Risk and Compliance Analyst III to join our Information Security team as a core member. This role reports to the Sr. Director, Governance Risk and Compliance under the Information Security organization and will support all aspects of cybersecurity compliance, risk management, supply chain risk management, identity and access management, privacy, and operational monitoring to validate and ensure the resiliency of our cybersecurity program, provide business enablement to CAES, and assure CAES customers of compliance. The Governance Risk and Compliance Analyst III is expected to be aware of the enterprise’s security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals.
•Support all GRC risk management and audit initiatives, including but not limited to, annual internal auditing of IT Security Controls, and external audits to achieve compliance such as DFARS Cybersecurity (NIST 800-171) and Cyber Maturity Model Certification (CMMC). Support certification efforts and perform regulation and standard gap analysis across the CAES environment.
•Enhance CAES’s Supply Chain Risk Management Program. Partner with cross-functional teams within CAES’s supply chain to tier CAES suppliers, conduct third party risk assessment and due diligence, review contracts, onboard suppliers, and ensure that CAES’s supply chain is secure and meets CAES contractual obligations.
•Support Identity and Access Management initiatives including entitlement reviews of access throughout CAES. Lead and manage CAES’s employee termination processes. Partner with cross functional teams to ensure compliance with all applicable regulations.
•Lead compliance audits and security risk assessments of business critical applications across the business. Collaborate with cross-functional owners to enhance the security posture of CAES’s applications to meet compliance initiatives and industry best practice.
•Support CAES’s corporate privacy program, ensuring compliance with all applicable regulations (i.e. CCPA, GDPR).
•Lead the customer audit engagement process as the liaison for Information Security. Complete third-party assessment questionnaires. Support and collaborate with CAES customers and the Defense Industrial Base to provide assurance of CAES’s regulatory compliance and security posture.
•Develop and maintain all system security plans (SSPs), and CAES Information Security policies and procedures. Support the development of policies, standards, procedures and guidelines in adherence with all applicable laws, regulatory frameworks, or client contractual requirements. Partner across functional teams for policy approvals and publishing of documentation.
•Support the evaluation of compliance risks and processes in complex information system environments to ensure appropriate controls exist, efficiency and accuracy with processes exist, and information system procedures comply with corporate policies and standards.
•Work across multiple business units in a timely manner to develop response materials and action plans to address any anticipated or identified audit/assessment findings. Ensure findings and remediation efforts are tracked in the company’s GRC platform.
•Support CAES’s Security Awareness Program. Assist GRC in disseminating training to CAES employees, and enforcing and tracking training attendance.
•Support the reporting of monthly metrics on the effectiveness of team operations to the Chief Information Security Officer.
•Support GRC operational initiatives such as Information Security’s weekly action report and administering GRC’s internal ticketing system
•Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors. Participate in educational opportunities, read professional publications, maintain personal networks, and participate in professional organizations.
•Ensures the enforcement of CAES security requirements including, but not limited to, Export Control and Controlled Unclassified Information (CUI).
•Assists in the analysis and definition of security requirements. Contributes to the continuous improvement and optimization of processes for existing and new security initiatives.
•Perform other duties and tasks as assigned.
•Bachelor’s degree in Computer Science, Engineering, or equivalent discipline.
•5-7 years of experience in or a combination of Information Security, IT auditing, Regulatory Compliance, Risk Management, Supply Chain Risk Management, Privacy, and Identity and Access Management.
•IT audit and compliance experience of applicable regulatory requirements including NIST 800-171A/B, CMMC, and PCI DSS.
•Experience evaluating controls in relation to information security standards and frameworks such as NIST 800 Series, NIST CSF, ISO27001/2, SSAE18, SOX, and FedRAMP.
•Knowledge of risk management processes including internal audit, documentation of risk, managing risk registers, reducing cybersecurity risk though remediation, and reporting of risk.
•Experience in building and managing third-party risk assessment programs to support the cybersecurity function within supply chain sourcing and operations.
•Experience in developing, supporting and executing corporate privacy programs based on GDPR and CCPA.
•Experience conducting logical and physical access entitlement reviews of access based on least privilege.
•Highly self-motivated, self-starter and directed with keen attention to detail.
•Certification or advanced skill in compliance, information security, audit or related domains (e.g CISSP, CISA, CISM, CRISC, CGEIT, CIPP, PCIP, etc.) is required.
•Be able to obtain a Department of Defense (DoD) position appropriate level security clearance.
•Periodic travel is required (10-20%).
•Master’s degree in a Computer science, Cybersecurity or equivalent discipline
•8-10 years of experience in or a combination of Information Security, IT auditing, Regulatory Compliance, Risk Management, Supply Chain Risk Management, Privacy, and Identity and Access Management.
•2-4 years of experience in or a combination of Information Security Operations, Incident Response, and Network Security.
•Professional services, consulting or other client-facing experience in an audit\governance setting is preferred.
•Experience working within the Aerospace and Defense sector.
•Experience using Exostar to answer customer questionnaires.
•Experience with supporting Insider Threat programs.
•Current SECRET level or above Department of Defense (DoD) security clearance.
Founded in 1934 by aviation innovator Sir Alan Cobham, our values of Trust, Talent and Technology have driven us to become a global leader in state-of-the-art aerospace and defense systems. It's the insights of our innovators today that will secure our collective future. Innovators like you!
If you are authorized to work in the United States, then we encourage you to apply. We are unable to sponsor work visas.
Cobham is one of the world's leading companies engaged in the development, delivery and support of leading-edge aerospace and defense systems in the air, on land and at sea. Our clients and partners trust Cobham to deliver the mission-critical technology they need, and we trust our employees to draw on their ingenuity and passion to deliver those solutions. This leads to an empowering culture for our people. Our Leadership team is open, sharing plans for the next five years, driving retention by offering demanding, exciting work, and providing full guidance and mentoring.
Cobham is an Equal Opportunity/Affirmative Action Employer and embraces diversity in our employee population. It is the policy of Cobham to provide equal opportunity to all qualified applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or genetic information. Cobham will refrain from discharging, or otherwise discriminating against, employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants.
The EEO is the Law poster is available here and the poster supplement is available here.
The Pay Transparency Policy is available here.
Cobham Advanced Electronic Solutions is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation due to a disability for any part of the employment process, please send an e-mail to CAEScareers@cobham.com and let us know the nature of your request and your contact information.