VP - Cyber Security - Audit, Risk and Compliance
Van Buren Township, MI, USA | General Electric
Industry:Energy / Renewable Energy / Oil & Gas
Job Description:71 people have viewed this job
This role will be part of the Cybersecurity and Technology Risk organization and will strategically own the Technology Risk and Compliance posture across GE Aviation.
Maintain continuous monitoring, auditing, governance and compliance programs, including contractual compliance programs, relative to cyber compliance and technology risk for GE Aviation
Responsible for global regulatory compliance with requirements such as GDPR, DFARS, UK CES/CSM, FISMA, NIST 800-171 and 800-53, China Cyber Security, Italian Organization, UK Organization, Export Control, etc.
Ensure access management requirements are met for regulatory and compliance requirements at the OS, DB Platform, Full Tech Stack and App layer(s).
Stay abreast of new and emerging regulations with impact to the GE Aviation Digital Technology environment.
Responsible for IT Controllership, including Sarbanes-Oxley and Critical Systems.
Develop, support and enforce applicable policies, standards and guidelines for Digital technology compliance, contractual and regulatory needs.
Responsible for ERP compliance, including HPA and SOD requirements.
Responsible for Software Asset Management across Aviation and compliance to MSAs and MLAs for software packages.
Design and implement metrics to drive an environment of risk-based compliance and continuous controls monitoring.
Responsible for understanding and aligning strategy across peers within the same organization or function.
Communicate and present to Senior leadership, including, but not limited to Company Officers and SEBs.
Responsible for working with US and Foreign Governmental Entities to review Organizationifications to existing and new regulations and requirements that impact GE Aviation’s compliance posture and influencing oCompanyomes to benefit the GE Aviation business.
Responsible for a globally diverse organization and driving continuous improvement throughout organization with a risk-based approach and manner.
Works with cross functional teams and cross-business teams and is responsible for actively challenging direct staff through stretch assignments and efforts to develop future leaders and succession capabilities.
Responsible for results and retention of direct staff to include active development of staff to include career path management, coaching / mentoring, and performance feedback
Bachelor’s Degree in Computer Science or in “STEM” Majors (Science, Technology, Engineering and Math)
Minimum of 12 years of professional experience in IT
Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.
Ideal candidate will have prior experience from E&Y, KPMG, Company, PwC or IT Corporate Audit Staff Graduate (GE Employee only)
CISA, CPA or CISSP certification preferred
Experience in designing, enhancing and implementing detailed wing to wing robust processes
Proven track record of detailed quality documentation delivery to defined standards
Understanding of regulatory and external certifications requirements as they relate to IT for regulations such as DFARS, FISMA, etc.
Experience of implementing and operating Risk Based Testing methodologies
Excellent interpersonal, written/verbal communication and leadership skills with the ability to quickly build credibility, influence and make recommendations to all levels
Outstanding interpersonal, written/verbal communication skills
Knowledge of industry standards, such a NIST 800-53 and 800-171 and requirements for FedRamp compliance
Ability to handle multiple demands and tasks, including time-sensitive and critical issues
Demonstrated ability to manage across a matrixed organization
Ability to take input from multiple stakeholders, complex business and technical requirements
Creative problem solver with strong analytical skills
Strong oral and written communication skills – able to communicate appropriately to technical and management audiences
Strong interpersonal and leadership skills
Demonstrated knowledge of general IT controls, IT risk and security-related standards and technologies
Experience in large global environments spanning multiple time zones
Be highly collaborative with the ability to build consensus across numerous organizations
Knowledge of IT and cybersecurity frameworks, such as ISO, NIST and/or COBIT
Ability to synthesize and communicate complex technology topics to all levels of the organization
Ability to drive oCompanyomes in ambiguous environments
Ability to work across organization and culture
Ability to work under tight deadlines and to prioritize under pressure
Strategic thinker with the ability to create and execute concrete action plans
Strong analytical, project management, and organizational skills