Senior IT Compliance Analyst

Job Overview

Under supervision of the Senior Information Security Manager, works with the Technology Security and Compliance team to meet regulatory requirements and Board policies, protect the Board’s information assets and ensure continued compliance.

• Partners with senior management to improve internal IT control framework, including integration of multiple compliance requirements and standards such as PCI-DSS, CJIS and TSA’s Cyber and IT security through the Airport Security Program (ASP) across all existing and new enterprise applications, services, networks and users.
• Track internal and external control assessments, vulnerability reports, penetration reports, ASV scans, CJIS audits, internal and external audits, including remediation efforts.
• Partner with various IT groups and DFW departments to meet agreed upon timelines to address security risks in a timely fashion.
• Participate in regulatory compliance processes across the enterprise.
• Interacts with various business and IT groups to review, assess, and monitor compliance with various programs such as CJIS, PCI and HIPAA.
• Support the development, maintenance and updating of information security policies, processes and procedures.
• Assist in identifying and reporting risk areas and compliance issues to IT management, recommend cost effective remediation actions and continuously improve the control environment.
• Partner with the ITS Project Management Office (PMO) to create managed work and projects around cyber and IT security compliance efforts.
• Partner with departments and application owners to proactively coordinate the creation and collection of required disaster recovery planning prerequisites (Risk Assessments, BIA’s, Run Books, Diagrams, Assets, Resources, Dependencies and Test Plans).

• Bachelor's degree in computer science, business administration or related field.
• Five (5) years of experience in risk management, governance, information technology or compliance.
• Experience with PCI compliance and Disaster Recovery Plan development, testing and maintenance.
• Experience using and/or administering a Governance, Risk, and Compliance (GRC) enterprise platform and Disaster Recovery Assurance Application.
• Experience using Security-related (vulnerability, SSL tracking, etc.) platforms to gather information for compliance reporting.
• Any equivalent combination of education and/or experience may be substituted for the above on a year-for-year basis.
• Possession of a valid class C driver's license.

• Knowledge and experience in reviewing third-party security reports (SOC 1 &
  2).
• Knowledge of CIS Version 7 or 8, NIST Cybersecurity Framework and Shared Assessments.
• Knowledge of information security concepts, standards, frameworks and best practices.
• Knowledge of principles and procedures involved in handling sensitive data.
• Knowledge of Single Sign On (SSO), Multifactor Authentication (MFA), Privilege Access Management (PAM) and Encryption.
• Ability to communicate clearly and effectively, both orally and in writing, at all levels within and outside the organization.
• Ability to establish and maintain effective working relationships inside and outside the organization.
• Ability to evaluate and recommend preventative and corrective controls to mitigate risk to the Airport Board.
• Strong organization skills with the ability to handle multiple work streams.
• Skill in project management, problem-solving and conflict resolution.
• Skill in all Microsoft 365 solutions, Power
  
  BI reporting, and Docu Sign.
• High integrity and business ethics.

Must obtain a Security Identification Display Area (SIDA) Airport Identification/Access Badge (badge) in accordance with Department of Homeland Security Transportation Security Administration (TSA) requirements in Chapter 49 of the Code of Federal Regulations Part 1500 et. Al. and DFW Airport’s Airport Security Program within thirty (30) days from date of employment and maintain qualification for a SIDA badge upon each badge renewal.

• Ability to work efficiently and independently with minimum supervision (self-motivated and willing to…