
Title:  Senior Analyst Cyber Security

Location: Long Island City, NY, US, 11101

Req ID:  51776

Position Summary

The Senior Cyber Security Analyst for Third-Party Risk and Compliance will work with the Program Manager and the rest of the team in the evolution, development, and management of JetBlue’s Third-Party cyber risk management program. The position will consist of evaluating data and reports on the security posture of key Business Partners and third parties, gathering, analyzing, and interpreting security control evidence from those parties, and managing cases and communication to help improve and ensure the Partners’ security posture to protect JetBlue’s systems, data and customers. Candidates should be available outside normal working hours when necessary to participate in occasional security exercises as well as emergency events such as security incidents, breaches, investigations, etc.

 

The Senior Cyber Security Analyst for Third-Party Risk and Compliance works directly and in continuous concert with other teams; as such, interpersonal and communication skills, relationship-building, and organizational effectiveness will be as important as technical acumen for the successful candidate.

Essential Responsibilities

  • Uses current or to-be-acquired tools to perform security due diligence on third party Partners to determine the effectiveness of their controls to protect JetBlue company and customer data, identifies any discrepancies and provides recommendations to management
  • Develops, implements, assigns, and monitors third party vendor assessments
  • Monitors third party vendor security posture using a variety of tools and/or services
  • Executes and documents assessment activities following established processes and procedures
  • Improves existing Business Partner onboarding questionnaire review/response process
  • Keeps abreast of the regulatory and compliance environment to enhance the third-party due diligence program
  • Collaborates with team members to provide subject matter expertise with respect to JetBlue’s third-party risk management program, and creates and updates documents and presentations that can be used to inform employees, auditors and/or the monitored third-parties about the program
  • Contributes to the continuous improvement, including automation where possible, of all aspects of the third-party risk management program based on expert knowledge, industry best practices, business objectives and risk tolerance, keeping the program relevant and in alignment with the business objectives
  • Leads third party risk/threat notification to Business Partners by assessing Business Partner risk, impact and response to high priority risks/threats (e.g., assessing Log4J vendor impact and response communications)
  • Tracks Business Partner mitigation progress of identified threats and risks and tracks cases to resolution
  • Develops, implements, and monitors KPIs and KRIs for the third-party risk management program
  • Develops and updates third party risk management program policies, procedures, and best practices
  • Actively participates in outside Third-Party Risk Management communities
  • Identifies Information Security & Business Continuity risks to senior management & makes recommendations for corrective actions/mitigation of risks
  • Assesses BCP/DR compliance status of third-party Business Partners and communicates their status/impact to JetBlue’s BCP/DR team
  • Other duties as assigned

Minimum Experience and Qualifications

  • Bachelor’s degree in Information Technology, Information Systems, Information Security, Business Administration, or Risk Management; OR demonstrated capability to perform job responsibilities with a High School Diploma/GED and at least four (4) years of previous relevant experience
  • Four (4) years of experience in implementing and/or supporting IT risk management processes
  • Four (4) years of experience in responding to vendor IT risk assessments
  • Understanding of information security (IS) concepts, IT, information security awareness and third-party risk management processes, methodologies, and practices
  • Demonstrates strong communication skills to ensure smooth data collection experience and work successfully and collaboratively with Business Partners
  • Able to serve, report and present as a specialist on complex technical and business matters, and work independently
  • Demonstrates basic project management and documentation skills to manage multiple parallel work streams
  • Ability to multitask and complete assignments within deadlines that may have short lead times
  • Work well under pressure with tight deadlines to deliver superior service
  • Available for occasional overnight travel (20%)
  • Must pass a pre-employment drug test
  • Legally eligible to work in the country in which the position is located
  • Authorization to work in the US is required. This position is not eligible for visa sponsorship

Preferred Experience and Qualifications

  • Familiar with contractual clauses and best practices that may be enforced to achieve third-party Business Partner compliance (right to audit, minimum security requirements, SLAs, 3rd party assessments, etc.)
  • Industry certifications preferred (e.g., CTPRP, CISSP, CISM, CRISC, CIPP, CISA) or willingness to obtain
  • Working knowledge of security standards, frameworks and best practices (ISO 27001/27701, NIST 800-53, CSA, OWASP, CIS Controls)
  • Experience working with compliance issues dealing with sensitive data preferred
  • Proficiency with Windows-based software and Microsoft Office suite

Crewmember Expectations:

  • Regular attendance and on-time punctuality
  • Potential need to work flexible hours and be available to respond at short notice
  • Able to maintain a professional appearance
  • When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of aircraft
  • Organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Fun and Passion
  • Promote JetBlue’s #1 value of safety as a Safety Ambassador, supporting JetBlue’s Safety Management System (SMS) components, Safety Policy and behavioral standards
  • Identify safety concerns, issues, incidents or hazards that should be reported and report them whenever possible and by any means necessary including JetBlue’s confidential reporting systems (Aviation Safety Action Program (ASAP) or Safety Action Report (SAR))

Equipment:

  • Computer and other office equipment

Work Environment:

  • Normal office environment

Physical Effort: 

  • Generally not required, or up to 10 pounds occasionally, 0 pounds frequently. (Sedentary)

Compensation: 

  • The base pay range for this position is between $100,000.00 and $128,600.00 per year. Base pay is one component of JetBlue’s total compensation package, which may also include access to healthcare benefits, a 401(k) plan and company match, crewmember stock purchase plan, short-term and long-term disability coverage, basic life insurance, free space available travel on JetBlue, and more.

 


JetBlue Airways is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.


Nearest Major Market: Brooklyn
Nearest Secondary Market: New York City
