Sr Analyst, IT Governance, Risk, & Compliance

Frontier Airlines
Denver, Colorado, United States
Position Type: Permanent
Job Description:

Why Work for Frontier Airlines?

At Frontier, we believe the skies should be for everyone. We deliver on this promise through our commitment to Low Fares Done Right. This is more than our tagline - it's our driving philosophy. Every member of Team Frontier has an important role to play in bringing this vision to life. Our successful business model allows travelers to take advantage of our fast-growing route network while our bundled and unbundled pricing options allow our customers to personalize their travel experience and only pay for the services they need – saving them money along the way.

What We Stand For

Low Fares Done Right is our mission and we strive to bring it to life every day. Our ‘Done Right’ promise means delivering not only affordable prices, but making travel friendly and easy for our customers. To do this, we put a great deal of care into every decision and action we take. We must be efficient with the use of our resources and make smart decisions about how we run our business. We must also innovate and be pioneers - we're not afraid to try new things. While our business requires us to fly high in the air, we also consider ourselves down-to-earth in our approach, creating a warm and friendly experience that truly demonstrates Rocky Mountain Hospitality.

Work Perks

At Frontier, we like to think we're creating something very special for our team members. Work is why we're here, but the perks are nice too:

  • Flight benefits for you and your family to fly on Frontier Airlines
  • Buddy passes for your friends so they can experience what makes us so great
  • Discounts throughout the travel industry on hotels, car rentals, cruises and vacation packages
  • Discounts on cell phone plans, movie tickets, restaurants, luggage and over 2,000 other vendors
  • Enjoy a ‘Dress for your Day’ business casual environment
  • Flexible work schedules that support work/life balance
  • Total Rewards program including a competitive base salary, short term incentives, long-term incentives, paid holidays, 401(k) plan, vacation/sick time and medical/dental/vision insurance that begins the 1st of the month following your hire date.
  • We play our part to make a difference. The HOPE League, Frontier Airlines' non-profit organization, is dedicated to providing employees financial assistance during catastrophic hardship

Who We Are

Frontier Airlines is committed to offering ‘Low Fares Done Right’ to more than 100 destinations and growing in the United States, Canada, Dominican Republic and Mexico on more than 350 daily flights. Headquartered in Denver, Frontier's hard-working aviation professionals pride themselves in delivering the company's signature Low Fares Done Right service to customers. Frontier Airlines is the proud recipient of the Federal Aviation Administration's 2018 Diamond Award for maintenance excellence and was recently named the industry's most fuel-efficient airline by The International Council on Clean Transportation (ICCT) as a result of superior technology and operational efficiencies.

What Will You Be Doing?

The IT Governance, Risk, & Compliance (GRC) Senior Analyst will support the technology risk management program, providing risk oversight to the technology and cybersecurity teams. The IT GRC Senior Analyst will play a key role in the success of the airline, by aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected. The IT GRC Senior Analyst will support risk management initiatives to ensure regulatory alignment to PCI, SOX, TSA, and data privacy standards/regulations. The senior analyst will implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The senior analyst will have a unique opportunity to partner and engage with departments across the organization, including Cybersecurity, IT, Legal, HR, Internal Audit, Finance, and other business teams.

Essential Functions

  • Make an impact on the organization's security program and services through experience with various cybersecurity concepts including data governance, risk management, metrics, audit, policy, and standards development.
  • Partner with Finance, Accounting, and Internal Audit teams to understand our processes and how technology controls fit into those processes.
  • Collaborate with the IT/Cybersecurity team members, application owners, control owners, and stakeholders to achieve successful results and ensure testability.
  • Act as liaison with internal and external auditors for regulatory audits/assessments, facilitating meetings, walkthroughs, and discussion of remediation activities for identified deficiencies.
  • Coordinate control activity functions related to User Access Reviews, Privileged User Reviews, and Password Parameter reviews.
  • Assist in conducting management audits, producing reports with recommendations for remediation and improvement.
  • Oversee development and implementation of security policies, procedures, and documented security controls.
  • Maintain a regulatory (PCI/SOX/TSA) control database, inventorying control ownership, control objectives, and testing objectives.
  • Lead and drive remediation processes to address issues identified in security assessments, control reviews, audits, and/or other assessments.
  • Facilitate key operations of due diligence, on-going monitoring, and risk exception/waiver management.
  • Deliver risk metrics that measure overall cybersecurity risk exposure, and work with key stakeholders to define target thresholds, and report on results.
  • Develop and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cybersecurity and Data Governance program initiatives.
  • Support in the execution of the general data privacy assessment processes (including third-party assessments), internal control reviews, and risk assessments to monitor compliance with IT and cybersecurity policies/standards.
  • Demonstrate and apply knowledge of privacy and data protection regulation and laws to the environment, such as the CCPA, GDPR, CPRA, HIPAA, GLBA, and CDPA.
  • Develop and disseminate cybersecurity training and awareness for organizational users, administrators, and developers.
  • Coordinate the management and maintenance of the enterprise-wide Cybersecurity Awareness Program which includes phishing simulations, computer-based training, proactive communications on latest threats, workshops, bulletins, and newsletters.
  • Oversee controls required pre-contracting with vendors, contractors, and/or suppliers, as well as post-contract from an ongoing monitoring perspective.
  • Perform assessments on our Third Parties, aimed at reducing organizational risk from a cybersecurity perspective.
  • Develop relevant and actionable reporting/presentations to stakeholders and executive management.
  • Monitor and review regulatory updates and issues relative to pertinent security regulatory requirements (such as CCPA, TSA, PCI, and SOX) and escalate findings appropriately.
  • Mentor junior compliance analyst(s)/GRC team members.
  • Perform other related duties as assigned.

Qualifications

  • Bachelor's degree required in either: Business, Finance, Computer Science, Engineering, IT, or similar field.
  • 5+ years' experience in vendor risk management, IT risk management, and/or data privacy role.
  • 5+ years' experience working in a GRC analyst, IT audit, IT compliance, and/or controls assurance role.
  • Ability to develop policies, standards, and procedures in compliance with laws, regulations, and industry best practices in support of organizational cyber activities.
  • CISA or CRISC certification (current or to be obtained within first 6 months)
  • Preferred, but not required:
    • Experience with the airline industry a plus.
    • Hold an active GRC certification, such as CISSP, CISM, CRMA, or GIAC.
    • Big-4 accounting firm experience is a plus.

Knowledge, Skills and Abilities

  • Extensive experience with risk management as it relates to Cybersecurity.
  • Extensive experience with security audits.
  • Extensive experience in controls testing in line with SOX frameworks.
  • Extensive experience developing cybersecurity and IT controls, policies, and procedures.
  • Proficient in developing and maintaining policies, standards, and guidance artifacts.
  • Extensive experience identifying, tracking, reporting and remediating IT/Cyber procedural and technical risk.
  • Strong understanding of implementing effective control and/or mitigation options to manage security risks.
  • Display a working knowledge of SOX IT General Controls (ITGC) requirements.
  • Proven ability to plan and execute ITGC testing and subsequent status reporting.
  • Knowledge of industry frameworks, regulations, or contractual rules such as PCI-DSS, HIPAA, NIST, ISO, ITIL, GDPR, COSO, COBIT, and SOC1/2.
  • Knowledge of industry trends and current and emerging risks.
  • Ability to facilitate a climate of cohesiveness, cooperation, and teamwork.
  • Self-directed professional with a strong work ethic and excellent organizational skills.
  • Exceptional consultative and interpersonal skills that have resulted in business relationships of impeccable trust, confidence, and results.
  • Ability to work in a fast paced, sometimes stressful team environment with the ability to adapt to new, different, or changing situations.
  • Familiarity with working cross departmentally (Internal Controls, Finance, Accounting, People).
  • Very strong analytical skills.
  • Excellent verbal, written, and presentation skills.
  • Proficient in Microsoft Office suite of applications (Word, Excel, PowerPoint, Access, SharePoint, etc.).

Equipment Operated

Experience using GRC, third-party risk management, and identity access & governance platforms.

Work Environment

Typical office environment, adequately heated and cooled.

Physical Effort

Light physical effort required by handling objects up to 20 pounds occasionally and/or up to 10 pounds frequently.

Supervision Received

General Direction: The incumbent normally receives little instruction on day-to-day work and receives general instructions on new assignments.

Positions Supervised

Does not supervise resources.

Salary Range:

$90,094 - $119,583

Please note: this posting has a closing date of 5/10/2024, midnight MT.

Disclaimer: The above statements are intended only to describe the general nature and level of work required of the referenced position; they are not intended to be an exhaustive list of all responsibilities, duties, and skills required of individuals in this position. Please be advised that duties and expectations of this position may be subject to change.

Frontier Airlines, Inc. is an equal opportunity employer and, as such, is committed to providing equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability status, pregnancy, genetic information, citizenship status or any other basis protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Frontier Airlines is a Zero Tolerance Drug-Free Workplace. All prospective employees are subject to pre-employment testing for the following drugs and their metabolites: Marijuana, Cocaine, Amphetamines, Opioids and Phencyclidine (PCP). Further, any applicant who is found to have tested positive on any required drug or alcohol test at a former employer will be considered ineligible for employment with Frontier.
