IT Governance Strategist

Key Responsibilities

The IT Governance, Risk Management and Compliance Analyst plays a critical role in ensuring effective organizational governance, risk management and compliance.

Governance

• Develops comprehensive IT governance policies, processes and procedures to align with multiple regulatory requirements, including NIS2, PART-IS, AVSEC.

• Collaborates with cross-functional teams to enhance IT governance initiatives and drive business value.

• Designs training programs to improve IT governance understanding across the organization.

• Works closely with Safety and Security teams to ensure alignment between Governance Activities (IT, Safety, Security).

Risk Management

• Oversees the IT Risk Register, ensuring team commitment to mitigate or eliminate risks.

• Conducts thorough Risk Assessments of IT Systems (existing and newly proposed) to identify potential vulnerabilities.

Compliance

• Ensures adherence to relevant legal and regulatory standards, including NIS, NIS2, Part IS, AvSec, GDPR.

• Implements Information Security Management System (ISMS) tooling to streamline compliance efforts and achieve Continuous Compliance.

• Facilitates tabletop exercises to ensure IT and Leadership teams respond effectively to documented policies and procedures.

• Coordinates IT audits and compliance reviews, recording and managing feedback items received from these activities.

Qualifications, Skills, and Experience

The ideal candidate will possess:

• A Bachelor's degree in IT, Computer Science, or related field. Alternatively, substantial relevant experience will be considered.

• 3+ years' experience in a Compliance or Cyber Security focused role, with an interest in transitioning into an IT GRC role.

• Certification in CISA, CRISC, or CISSP is preferred but not essential.

• Project experience with ISO-, NIS/NIS2, AVSEC, PART-IS regulations is preferred but not essential.

• Familiarity with risk management methodologies and compliance tools.

• A track record of contributing to achievement of regulatory compliance.

• Excellent communication, problem-solving, and analytical skills.

• Strong grasp of cyber security concepts.