Senior Analyst, Security & Compliance (Hybrid)

Location: Radnor, PA, US, 19087

Business Unit:  Corporate
Function:  Information Technology

Triumph Group designs, engineers, manufactures, repairs and overhauls a broad portfolio of aviation and industrial components, accessories, subassemblies, systems and aircraft structures. We partner with original equipment manufacturers (OEMs) and operators of commercial, regional, business and military aircraft worldwide, to provide products and services that solve their hardest problems. So whatever the part, component or complexity of assembly, Triumph is committed to quality, service and meeting the specialized needs of each customer.

Triumph participates at all levels of the aerospace supply chain – from single components, to complex systems, to aerospace structures and their contents. We provide solutions for the entire product life cycle of an aircraft – from raw material to aftermarket service. Our unique ability to integrate a broad range of products and capabilities is our competitive advantage.

Position Description

The Senior Compliance Analyst will provide technical, operational, and regulatory expertise for compliance and cybersecurity related matters. With the Compliance team, they will collaborate with and influence IT and Cybersecurity teams, business stakeholders, and leadership to create, sustain, and strengthen the compliance program. As a member of the Compliance team, the Senior Compliance Analyst is responsible for coordinating best-in-class Compliance strategies to accomplish key objectives for the organization. The Senior Compliance Analyst will act as a liaison between audit and compliance teams, functional and development teams, and third party hosting providers; provide ongoing IT, Cybersecurity and business support; and assist with managing Compliance processes, systems, and resources.

Responsibilities

  • Design and conduct (annually) an enterprise-wide self-assessment process in accordance with NIST SP 800-171A.
  • Advise the organization on best practices for implementing or improving controls that satisfy NIST SP 800-171 requirements.
  • Ensure the timely and successful completion of customer and regulatory audits or assessments (e.g., SOX, DFARS/CMMC) by providing ongoing support and periodic status reports to Management and audit teams.
  • Support the remediation of findings by partnering with stakeholders to develop, monitor, track, and validate remediation activities.
  • Increase the efficiency and effectiveness of the overall control environment by identifying opportunities to enhance or standardize existing controls or processes.
  • Enforce standardization and consistency in process/control execution through periodic facilitation of documentation reviews including policies, processes, and procedures.
  • Manage and update Compliance project plans, including issue escalation / resolution processes and prioritization of activities. Communicate timely status updates (both verbal and written) to team members and Management.

  • Integrate with the IT Program Management Office to provide real-time Compliance support and coaching for significant projects.
  • Educate the organization and key stakeholders through the development and distribution of periodic training programs related to information security and internal controls.
  • Periodically compile and report on key metrics related to the Compliance program to key stakeholders within Management and 3rd parties.
  • Support the organization in maintaining an effective internal controls environment through the execution of critical controls monitoring.
  • Develop/maintain working knowledge of laws and industry guidance for establishing, maintaining, and reporting on regulatory and compliance controls.
  • Stay current on new technical literature applicable to the internal control process (e.g., PCAOB guidance, SEC, COSO, COBIT, NIST, DFARS/CMMC, etc.) and keep abreast of emerging trends and leading practices around internal controls.

Position Requirements

  • Bachelor’s degree in Information Technology, Management Information Systems, Cybersecurity, Computer Science, or related field.
  • 6+ years’ experience working in information security, Compliance, IT audit, or equivalent, within a highly regulated industry.
  • Travel up to 15% will be required for the purpose of meeting with site personnel, Management, and other stakeholders.
  • Pursuant to the International Traffic in Arms Regulations (“ITAR”) and the Export Administration Regulations (“EAR”), applicants for SELECT positions will be required to provide proof of U.S. Citizenship, U.S. Permanent Residence, or U.S. Immigration Status in order to meet the minimum qualifications for those select positions. All inquiries related to citizenship are asked solely to comply with ITAR and EAR export licensing requirements.
  • Legally authorized to work in the United States without company sponsorship.
  • Candidates must be located in Pennsylvania or Delaware.

Qualifications

  • An IT Security or Compliance related certification (Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Governance Risk & Compliance (CGRC)), or equivalent, is preferred.
  • Proficient understanding of the NIST 800-171 framework (or comparable frameworks) and has demonstrated the ability to successfully implement, assess, and continuously monitor these requirements in a complex IT environment.
  • General knowledge of common frameworks and regulations, such as Sarbanes-Oxley, NIST 800 series, CMMC, FedRAMP, Export Control, ISO, Privacy Acts.
  • Has supported SOX and/or other IT General Control (ITGC) audits.
  • Prior experience in the aerospace and/or manufacturing industry is a plus.
  • Strong analytical, problem solving, critical thinking and ‘attention to detail’ skills.

  • Ability to influence and educate others in the organization with compliance knowledge at a level of understanding appropriate to their job function.
  • Excellent oral/written communications, organizational, teamwork, and interpersonal skills.
  • Ability to multi-task in a dynamic, fast-paced environment.
  • Demonstrate outstanding level of professionalism, including ability to exercise good judgment, discretion, tact, and diplomacy.
  • Ability to analyze situations, identify existing or potential problems and recommend solutions.
  • Drive and resourcefulness in making contributions both inside and outside assigned responsibilities.
  • Ability to work both independently (under consultative direction only) and as part of a team.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability.

If you require assistance in applying to Triumph Group, please contact us at HRDepartment@triumphgroup.com and we will provide reasonable accommodations.


Nearest Major Market: Philadelphia