Information Security GRC Analyst
- FLIR Systems
- Job Category
- Banking & Financial Services
At FLIR, we have a simple but ambitious mission: to develop market-leading thermal and sensing technologies which enhance everyday life. From saving energy to saving lives, FLIR is making a real difference in our world.
Our products are used in a wide array of situations to rescue people in danger, detect criminals, conserve energy, navigate safely, provide security around the globe, and protect our environment.
We are looking for individuals who thrive on making an impact and want the excitement of being on a team that wins.
Location: This role can be located in Stillwater, OK or Freeport, PA. Consideration is also given for the role to be based at other FLIR facility locations.
This is a regulatory compliance role with a significant focus on supporting programs that require classified information systems, and it requires a high level of technical expertise. This is a contractually mandated position directly in support of approximately $300M of ongoing contract revenue.
The person in this position is responsible for the oversight and implementation coordination of a broad range of industry, contractual, and regulatory governance efforts as they relate to securing various IT systems across the enterprise, including classified information systems. This will include requirement analysis, policy coordination, and procedure development, as well as the day-to-day operation of relevant information security tools. Additionally, this individual interacts closely with product vendors, service providers, personnel from various IT functions, business departments including legal and trade compliance, as well as with outside counsel.
Primary Duties & Responsibilities:
- Serves as the corporate Information Systems Security Manager (ISSM) developing and maintaining the overall security posture for FLIR’s classified information systems.
- Coordinates the unified implementation of the Risk Management Framework (RMF) on classified information systems.
- Ensures all system security documentation is current and properly recorded.
- Coordinates classified system authorizations with the ISSP and AO.
- Certifies that the requirements listed within the security plan are sufficient and fully implemented.
- Submits the security plan and supporting artifacts to the ISSP for AO review and consideration.
- Coordinates ISSO activities to ensure they follow established system policies and procedures.
- Ensures all ISSOs receive the necessary technical security training to carry out their duties.
- Coordinates with the cleared contractor’s Facility Security Officer and Insider Threat Program Senior Official to ensure insider threat awareness is addressed within the cleared contractor’s system security programs.
- Briefs users on their responsibilities with regard to system security and verifies that cleared contractor personnel are trained on the system’s prescribed security restrictions and safeguards before they are allowed to access the system.
- Develops and evaluates compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company and allied assets and information.
- Researches and interprets current and pending governmental laws and regulations, industry standards, and customer and vendor contracts to communicate compliance requirements.
- Conducts information security risk assessments, security compliance audits and cybersecurity audits.
- Establishes IT security audit procedures for relevant regulatory requirements & control frameworks.
- Evaluates and tests the design and operating effectiveness of IT security controls.
- Maintains compliance of internal IT security controls by meeting internal and external information security requirements.
- Documents, investigates, and reports cybersecurity compliance issues and incidents.
- Works with business leaders to ensure information security risk findings are reviewed and solutions are implemented.
- Coordinates remediation required by audits, and documents exceptions as necessary.
- Collates assessment data to produce reports suitable for non-technical recipients.
- Reports findings to management and communicates recommendations for corrective actions.
- May provide support for Sarbanes-Oxley (SOX) and PCI-DSS compliance.
- Must be a U.S. Citizen.
- Ability to obtain and maintain DoD industry clearance at a Secret level.
- Minimum of two years of IT or network security experience.
- Bachelor's degree in information systems, or equivalent work experience.
- Certified Information Systems Security Professional (CISSP) certification.
- Knowledge of the various industry and government regulatory standards and control frameworks, including US NIST SP800-53 & SP800-171, CMMC, CMMI, UK Cyber Essentials, ISO 27001/2, & PCI-DSS 3.2.1.
- Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
- Experience in developing, documenting and maintaining security policies and procedures.
- CDSE Courses CS102-107 & CS200
- Knowledge of network infrastructure, including routers, switches, firewalls, and associated network protocols and concepts.
- Strong analytical and problem-solving skills with a significant focus on attention to detail.
- Ability to establish a comprehensive, consistent common operating picture of complex systems, specifically as it relates to cybersecurity program governance as well as consistent unification of multiple control frameworks within a single operating environment.
- Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously.
- Ability to work well under minimal supervision.
- Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT-business personnel.
FLIR and all of our employees are committed to conducting business with the highest ethical standards. We require all employees to comply with all applicable laws, regulations, rules and regulatory orders. Our reputation for honesty, integrity and high ethics is as important to us as our reputation for making innovative sensing solutions.
FLIR is an equal opportunity employer.