Sr IT SOX & Risk Management Analyst

Gulfstream Aerospace Corporation

Savannah, Georgia 31401
29/1/2021
JOB ID: 159345 Specialty: Information Systems




Unique Skills:

Nexpose experience or experience with a Vulnerability Scanning tool; OneTrust experience or experience with Risk Assessment tool; PowerShell scripting; Ruby scripting

Education and Experience Requirements:

Bachelor's Degree in IT related area, Business Administration required or equivalent combination of education and experience sufficient to successfully perform the essential functions of the job. 7 years of Finance, Accounting, Security, or Information Technology functions or relevant experience required. Other CISSP CSOE within last 5 years preferred.

Position Purpose:
Under minimal supervision, supports the IT governance function with an emphasis on Sarbanes Oxley (SOX), Risk Management, and Internal Audit. The position leads accounting on SOX control testing, reporting and remediation plans. It also works closely with the business and IT on internal audit, internal assessments, establishing controls, continuous process improvement, and remediation plans. Monitors compliance with operating policies and procedures that affect both IT and the company as a whole.

Principal Duties and Responsibilities:

Essential Functions:

1. Support Annual IT SOX Effort and annual Internal Audit Efforts
2. Report interim and final audit findings and remediation recommendations
3. Operational Management Support of IT SOX and Cyber Security
4. Develop Risk Management Strategies
5. Regularly evaluate new or revised processes/controls to ensure they are operating effectively
6. Obtain signoff from management of the revised processes within each manager's area of responsibility
7. Maintain a library of project documentation
8. Regularly report progress to management team, stakeholders and other parties
9. Manages Patch and Vulnerability Team (PVT) efforts
10. Understand approaches for addressing vulnerabilities including system patching, deployment of specialized controls, code or infrastructure changes, changes in development processes, cloud, and mobile devices
11. Compiles and tracks vulnerabilities and mitigation results to quantify program effectiveness
12. Reports PVT Metrics to Cyber Executive Committee
13. Manages Risk Assessment, Variance, and Exception processes
14. Monitors compliance with organization policies and standards
15. Identifies opportunities that use information security methodologies and/or controls to improve processes, documentation, or other areas of security related performance
16. Develop scripts to automate risk and cyber assessment reporting/tracking
17. Prepare and deliver training workshops, sessions, materials, and presentations to assist process owners, employees, and management with transition from old processes or controls to new ones

Perform other duties as assigned.

Other Requirements: 1. Advanced degree or certification desirable. A Master's degree may offset one year, and a PhD in a related field may be used to reduce work experience by two years.

A credit history check from a national credit bureau will be conducted for all candidates for this position including new hires and current employees seeking promotion or transfer.

Additional Information

Requisition Number: 159345

Category: Information Systems

Percentage of Travel: Up to 25%

Shift: First

Employment Type: Full-time

Posting End Date: 02/11/2021

Equal Opportunity Employer/Veterans/Disabled.

Gulfstream does not provide work visa sponsorship for this position, unless the applicant is a currently sponsored Gulfstream employee.
