
Sr Regulatory Compliance Analyst

GE Aerospace
Cheltenham, England, United Kingdom
Position Type: Permanent
Job Description:

Job Description Summary

The Sr Regulatory Compliance Analyst will be responsible for regulatory IT compliance tasks for new and existing non-commercial (e.g., GE Enterprise) products and processes for the Digital business organization.

This role is fully remote/home based but will require quarterly travel to our GE office/s and occasionally to relevant conferences and events.

*Please note* SC Clearance is required for this role. Due to the nature of this position, we cannot accept applications from people who cannot obtain SC clearance.

Job Description

In this role, you would:

• Perform compliance assessments and data security governance reviews for internal and external service providers/product owners utilising established IT risk assessment frameworks and assessment programs

• Assist with the implementation of industry compliance frameworks and/or compliance regulations (HMG/UK MOD Requirements, ISO27001/2 Standards, UK/EU DPA/GDPR Personal Data Protection Requirements)

• Assist in the maintenance of UK Cyber Essentials Scheme certification / UK DCPP Cyber Security Model (CSM) and US NIST CMMC compliance

• Assist in submission of Supplier Assurance Questionnaires (SAQs) and conduct Risk Assessments (RAs) as part of CSM and similar Supply Chain assurance processes

• Assist in the submission of DART/SbD Accreditation/Assurance and Risk Balance Case Submissions in coordination with Infrastructure/Application Owners and UK MOD CyDR CySAAS

• Conduct Firewall/Security Compliance Reviews and contribute to Architectural Reviews

• Support Legal, Contract, Bid Teams and Functional Compliance Owners with contract reviews and customer/supplier negotiations – cybersecurity and information assurance compliance aspects

• Assist in coordination/response to MODCERT alerts/directives and submission of WARP Incident Reports

• Provide practical recommendations to infrastructure/application/product owners to remediate control gaps based on risks

• Work in close daily partnership with UK, US and International Digital Technology and Cyber teams across entire technology stack

• Work proactively as part of a cross-functional team engaging with, taking advice from and providing advice to: contracts, product, engineering, security, sourcing, legal, and compliance

• Interpret regulatory and contractual requirements, stay current and utilise industry standards and best practices to drive improvements in overall security posture of infrastructure, applications and services

• Manage the documentation and response to regulatory compliance risk exceptions and acceptances to ensure the appropriate level of business oversight

• Support the UK Cybersecurity Officer

Education Qualification

Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) or Vocational Equivalent, with advanced experience

Desired Characteristics

• Experience in designing, enhancing and implementing processes (lean experience a plus)

• CISSP/CISM/CISA certification – ISO27001 Lead Implementer/Auditor, MCIIS, ITPC, CCP or ex-CLAS a plus

• Experience in identification and remediation of security threats and risks

• Experience auditing technologies (e.g. Oracle ERP, Oracle Database, MS SQL, Windows, Unix, Linux, Cloud, etc)

• Familiar with HMG/MOD Information Assurance Standards and Requirements (e.g. HMG SPF/GovS-007, NCSC & CPNI Guidance, UK MOD JSP 440, JSP 604, DEFCON 658, DEFSTAN 05-138, etc) - familiarity with International Standards and Requirements (e.g. US NIST SP 800-53, SP800-171/2, CMMC, FAR/DFARS, NATO, OCCAR, AU DSD, etc) a plus

• Familiar with enterprise infrastructure designs and concepts including Authentication, Logging, Interconnectivity, Internet and Application Proxy, Cloud Computing, Data Centre Hosting, Application Code Security, Virtual Computing, Database Administration, Data Storage, Data Backup, Encryption, Middleware, Firewall Policy, Operational Technology, Network Segmentation, Mainframe, etc.; experience of NCSC architectural patterns and security principles a plus

• Strong functional team player with experience working seamlessly across a heavily matrixed structure

• Excellent interpersonal, written/verbal communication and leadership skills with the ability to quickly build credibility, influence and make recommendations to all levels

Flexible Working

This role is fully remote/home based but will require quarterly travel to our GE office/s and occasionally to relevant conferences and events.

Total Reward

At GE Aviation we understand the importance of Total Reward. Our flexible benefits plan, called FlexChoice, gives you freedom, choice and flexibility in the way you receive your benefits, as well as giving you the opportunity to make savings where possible.

As a new joiner to GE we are pleased to be able to offer you the following as default in your benefit fund, which you can then tailor to meet your individual needs:

•   Non-contributory Pension

•   Life Assurance

•   Group income protection

•   Private medical cover

•   Holiday: hourly equivalent of 26 days, with flexible option to buy or sell

Right to Work

Applications from job seekers who require sponsorship to work in the UK are welcome and will be considered alongside all other applications. However, under the applicable UK immigration rules as may be in place from time to time, it may be that candidates who do not currently have the right to work in the UK may not be appointed to a post if a suitably qualified, experienced and skilled candidate who does not require sponsorship is available to take up the post. For further information please visit the UK Visas and Immigration website.

UK Security Clearance

UK Security Clearance (SC) is required and must be maintained for this role. Candidates who do not meet the minimum requirements for UK Security Clearance are not eligible for this role on grounds of national security. If UK Security Clearance is not obtained, any offer of employment may be withdrawn on grounds of national security.

Additional Information

Relocation Assistance Provided: No
