Sr Analyst, IT Security Compliance

Overview:

At Spirit, we live “More Fly.” It’s not just about getting from point A to B—it’s about feeling fly while you’re at it. For our Team Members, it means thinking BIG, taking action, making connections, and having a blast while doing it. From the station to the cockpit, the cabin to the computer, every day is an adventure as we redefine travel.

Soar with us and enjoy travel perks that bring you closer to what matters. Join a team that empowers you to bring your full self to work, grow personally and professionally, and fuel the communities we serve. At Spirit Airlines, the sky isn’t the limit—it’s just the beginning!

Responsibilities:

Job Summary

Success in the role will be measured by the effectiveness of the implementation and operation of information security governance, risk, and compliance directives.

• Identify, collect, organize, and review pertinent evidence such as user access reviews across multiple platforms and applications to determine compliance with relevant regulatory controls.
• Coordinate the internal and external SOX/PCI audits for IT.
• Acts as a liaison between Auditors and IT by coordinating requests for information and by coordinating responses to any observations.
• Establish and maintain security & controls, policies, and procedures in accordance with applicable regulations.
• Research new security compliance requirements and assist in the evaluation of compliance control requirements.
• Establish and report technology risk related metrics.
• Schedule and lead technical interviews with various stakeholders and leadership.
• Write detailed findings, remediation plans, and obtain supporting documentation.
• Ensures compliance with applicable information security standards and policies.
• Provide IT management guidance as to how to re-mediate pertinent action items to ensure ongoing compliance.
• Conduct and evaluate risk assessments for all kind of assets and entities including third parties.
• Effectively manages internal and external audit requests.
• Ensures timely delivery of completed user access reviews, respective remediation plans and actions.
• Ensures assets related findings are mitigated with appropriate controls.

Qualifications:

• Education
• Bachelor’s degree or equivalent experience (indicate specific field, if required)
• Experience
• 10+ years’ experience in IT audit, Information Security, and IT domains such as Governance, Risk, and Compliance (GRC), IT operations, incident response, identity and access management, penetration testing, vulnerability testing, e-discovery & forensics, application development, infrastructure, technical support, or business
• Previous experience in implementing and utilizing a GRC tool.
• Previous Identity and Access Management experience is a plus.
• Certifications
• One or more of the following CISSP, CGRC, CISA, CRISC preferred
• Specialized Skills & Competencies
• Working knowledge of how to apply information security frameworks such as NIST and ISO within an organization.
• Working knowledge of how to apply risk management frameworks within Information Security and the broader technology environment.
• Excellent written and verbal communication skills.
• Strong experience working with productivity tools such as MS Office
• Ability to interact confidently with various levels of technical and management positions.
• Possess a broad knowledge of technology operation group requirements and activities.
• Must be able to translate theoretical requirements into applicable policies and standards.
• Critical thinker
• Must be able to provide multiple solutions to complex problems – problem solver.

• Remote Work
• Onsite
• Travel
• No travel required
• Physical Effort
• Exerts up to 10 lbs. of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects, including the human body. involves sitting most of the time but may involve walking or standing for brief periods of time.

EEOC Statement:

Spirit Airlines is an Equal Employment Opportunity employer. All aspects of employment are governed on the basis of merit, competence and qualifications without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or any other category protected by federal, state, or local law.