Director, Security Governance, Risk and Compliance

FlightSafety International
Columbus, OH

About FlightSafety International

FlightSafety International is the world’s premier professional aviation training company and supplier of flight simulators, visual systems and displays to commercial, government and military organizations. The company provides training for pilots, technicians and other aviation professionals from 167 countries and independent territories. FlightSafety operates the world’s largest fleet of advanced full-flight simulators and award-winning maintenance training at Learning Centers and training locations in the United States, Canada, France and the United Kingdom.

Purpose of Position

The GRC Director is responsible for the overall enterprise-wide Governance, Risk Management and Compliance programs. The GRC Director is part of the CISO organization and will report to the CISO, VP Information Security. This role requires a combination of a strong GRC background and business acumen to manage relationships between the various business units and IT groups.

Tasks and Responsibilities

  • Design a comprehensive compliance & risk governance program including the establishment of the information security policies, standards and procedures.
  • Provide subject matter expertise and leadership on mature information security governance structures and processes, Risk management process as well as contractual, regulatory and legal compliance requirements.
  • Responsibilities include the hands-on design, implementation and effective management of the programs as well as the shaping of the security policies, standards and procedures in alignment with the overall information security strategy and program.
  • Take a risk-based approach to ensure the new program design satisfies the public sector/government business as well as the commercial lines of business
  • Use NIST 800-53, 800-171 frameworks as well as CMMC compliance requirements as a guide to create a sustainable program.
  • Work cooperatively with others and solicit input from the various areas of the organization to ensure the governance program is fit for purpose for FlightSafety International
  • Measure and report on all aspects of the program including progress over time
  • Design a comprehensive information security Risk management program to identify, quantify, classify and manage risks for the organization including all business units
  • Continually educate and train the organization on the new compliance & risk management functions and how they can participate in and contribute to the program
  • Drive the identification of information security risks and maintain a risk register including planned mitigations and acceptance
  • Measure and report on all identified risks and the overall security risk management function including progress over time
  • Align the security risk management with the existing business risk management practices
  • Work cooperatively with others and solicit input from the various areas of the organization to ensure the program is fit for purpose for FlightSafety International
  • Serve as a leader in the CISO office and contribute to the security strategy
  • Serve as the primary security liaison for internal and external audits and as needed to represent IT and Security
  • Respond to inquiries from external entities on all matters related to information security resilience and compliance
  • Represent FlightSafety International on matters related to security compliance with government and other entities
  • Craft and maintain all documentation necessary to maintain each of the programs including satisfaction of government and client needs
  • Justify the need for tooling and staffing needs and manage assigned budget in line with approved allocations
  • Mentor and manage others to increase the team competency and continually build a culture of constant improvement and a desire to excel
  • Manage the team in alignment with the FlightSafety policies including hiring, talent development (training, mentoring, coaching, etc.) and performance management

Minimum Education

  • Bachelor’s degree in computer science, risk management, or equivalent education

Minimum Experience

  • At least 10 years related experience
  • Previous experience as an Information Systems Security Officer (ISSO)
  • Previous experience as an IT security auditor
  • One or more relevant industry-standard security certifications (such as CISA, CRISC or CISM)
  • Prior experience working with federal government agency contracts in a compliance setting (FISMA, FedRAMP)

Knowledge, Skills, Abilities

  • Previous experience liaising with government agency staff, regulators and auditors
  • Demonstrated success in establishing and operationalizing comprehensive, enterprise-wide GRC programs that effectively address both commercial and DoD-based business models and standards (e.g., NIST 800-171r2, CMMC)
  • Strong knowledge and experience in security frameworks, standards and practices, including NIST CSF, NIST 800-53, NIST 800-171, ISO 27001, COBIT, SOX, OWASP ASVS
  • Extensive experience with the security and compliance aspects of operational technology (OT) and industrial control systems (ICS) in critical infrastructure and/or high-consequence environments (aviation, etc.).
  • Experience in developing, implementing, and enforcing security policies, standards and procedures for the protection of both commercial data and classified/controlled unclassified information (CUI)
  • Prior experience working with federal government agency contracts in a compliance setting (FISMA, FedRAMP)
  • Knowledge of and prior hands-on experience in GRC tools/technologies
  • Excellent written and verbal communication skills.
  • Ability to manage across multiple competing priorities and time-sensitive initiatives.
  • Strong ability to motivate and lead team members including in a remote/virtual environment.
  • Uncompromising personal and professional integrity and ethics
  • Capable of making independent decisions or representing leadership at times.

Physical Demands and Work Environment

The physical demands and work environment described here are representative of those that must be met and/or encountered by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to use hands to finger, handle, or feel; reach with hands and arms; and communicate. The employee may be required to stand, walk, and sit. Specific vision abilities required by this job include the ability to view monitors, technical documents, and reference material. The noise level in the work environment is usually low to moderate.

FlightSafety is an Equal Opportunity Employer/Vet/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or disability.

 

Cybersecurity Notice: All official recruiting communication from FlightSafety International will come from an @flightsafety.com email address. FlightSafety International will never ask for personal or financial information through social media or third-party email providers.

Posted 2025-09-21
