Job Overview

GENERAL SUMMARY:

Under supervision of the Senior Information Security Manager, works with the Technology Security and Compliance team to meet regulatory requirements and Board policies, protect the Board’s information assets and ensure continued compliance.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

• Partners with senior management to improve internal IT control framework, including integration of multiple compliance requirements and standards such as PCI-DSS, CJIS and TSA’s Cyber and IT security through the Airport Security Program (ASP) across all existing and new enterprise applications, services, networks and users.
• Track internal and external control assessments, vulnerability reports, penetration reports, ASV scans, CJIS audits, internal and external audits, including remediation efforts.
• Partner with various IT groups and DFW departments to meet agreed upon timelines to address security risks in a timely fashion.
• Participate in regulatory compliance processes across the enterprise.
• Interacts with various business and IT groups to review, assess, and monitor compliance with various programs such as CJIS, PCI and HIPAA.
• Support the development, maintenance and updating of information security policies, processes and procedures.
• Assist in identifying and reporting risk areas and compliance issues to IT management, recommend cost effective remediation actions and continuously improve the control environment
• Partner with the ITS Project Management Office (PMO) to create managed work and projects around cyber and IT security compliance efforts.
• Partner with departments and application owners to proactively coordinate the creation and collection of required disaster recovery planning perquisites (Risk Assessments, BIA’s, Run Books, Diagrams, Assets, Resources, Dependencies and Test Plans).

MINIMUM REQUIREMENTS:

· Bachelor's degree in computer science, business administration or related field.

· Five (5) years of experience in risk management, governance, information technology or compliance.

· Experience with PCI compliance and Disaster Recovery Plan development, testing and maintenance.

· Experience using and/or administering a Governance, Risk, and Compliance (GRC) enterprise platform and Disaster Recovery Assurance Application.

· Experience using Security-related (vulnerability, SSL tracking, etc.) platforms to gather information for compliance reporting.

· Any equivalent combination of education and/or experience may be substituted for the above on a year-for-year basis.

· Possession of a valid class C driver's license.

SENIOR IT COMPLIANCE ANALYST 1787

REQUIRED KNOWLEDGE, SKILLS AND ABILITIES:

· Knowledge and experience in reviewing third-party security reports (SOC 1 & 2)

· Knowledge of CIS Version 7 or 8, NIST Cybersecurity Framework and Shared Assessments

· Knowledge of information security concepts, standards, frameworks and best practices

· Knowledge of principles and procedures involved in handling sensitive data

· Knowledge of Single Sign On (SSO), Multifactor Authentication (MFA), Privilege Access Management (PAM) and Encryption

· Ability to communicate clearly and effectively, both orally and in writing, at all levels within and outside the organization

· Ability to establish and maintain effective working relationships inside and outside the organization

· Ability to evaluate and recommend preventative and corrective controls to mitigate risk to the Airport Board

· Strong organization skills with the ability to handle multiple work streams

· Skill in project management, problem-solving and conflict resolution

· Skill in all Microsoft 365 solutions, PowerBI reporting, and DocuSign

· High integrity and business ethics

SPECIAL REQUIREMENT:

· Must obtain a Security Identification Display Area (SIDA) Airport Identification/Access Badge (badge) in accordance with Department of Homeland Security Transportation Security Administration (TSA) requirements in Chapter 49 of the Code of Federal Regulations Part 1500 et. Al. and DFW Airport’s Airport Security Program within thirty (30) days from date of employment and maintain qualification for a SIDA badge upon each badge renewal.

DESIRABLE:

· Ability to work efficiently and independently with minimum supervision (self-motivated and willing to stretch to meet important deadlines).

· General knowledge of CIS, ISO 27001, NIST 800-53 and other control frameworks.

· Familiarity with GRC and Data Protection Tools.

· Security certifications such as CIPP, CISA, Others

· Business acumen to consider the implications of Information Security and Compliance to the current and future environment.

About Us

We are Dallas Fort Worth International (DFW) Airport-one of the most successful airports in the world by any definition. We are recognized for our innovation, leadership, drive for excellence and talented employees.

Our success is made possible because of the diverse talents of over 2,100 employees who champion our mission of providing an exceptional airport experience to our customers and connect our community to the world. We are looking for the best talent to join us and help reimagine what an airport can be.

Bring your talents to DFW. Live and work with purpose.