GRC Compliance Manager, Cyber Security

Date Posted:

Country:

Location:

Position Role Type:

We are currently seeking a GRC Compliance Manager to join our Cyber Security team. This is a *remote role based in the UK.

This role will be part of the Global GRC organisation, reporting to a Compliance Leader. Roles and responsibilities include planning, coordinating, and communicating compliance activities for internal organisations as well as supporting internal and external audits with regulators. This also includes audit issue lifecycle including identifying issues from all inputs, providing periodic status from the issue owners, and designing and completing appropriate validation that the findings have been addressed in a way that will not reoccur. This role will also include providing certifications to our commercial customers.  

What You Will Do:

• Lead and facilitate various internal & external audits

• Manage small and medium-sized projects

• Partner, manage communication, and function as a liaison with external auditors and business units

• Assess compliance with policies, standards, and regulations through the performance of compliance assessments, risk assessments, and controls testing

• Perform root cause analysis for non-compliance areas and make recommendations for corrective actions

• Work with control owners, business partners and Enterprise Cyber teams to ensure controls are well defined and in compliance with applicable laws and regulations.

• Monitoring remediation activities, report progress, and publish metrics

• Assist in educating and training individuals across the approved organisations including control and process owners related to compliance concepts, requirements, and responsibilities and establish awareness regarding role of the overall compliance function.

• Recommend and implement new processes, policies, standards or operating plans in support of strategies.

• Regularly provide SME support to the business unit teams

• 25% travel   

Qualifications / Experience You Must Have: 

• Bachelor's degree and prior relevant experience 

• Experience with IT controls frameworks (e.g., ISO 27001, National Institute of Standards and Technology (NIST , 800-53, etc.

• Experience facilitating and coordinating cyber security risk and compliance assessments

• Ability to build and maintain customer relationships; strong team player, able to meet deadlines and adjust to changing priorities

• Ability to work collaboratively with remote team members including team members in other regions

• Strong analytical and problem-solving skills and proactive, critical thinking skills.

• Strong written/verbal communications skills

• Demonstrated aptitude working with broad-ranging talent

• Must be fluent to read and write in English

Qualifications / Experience We Value:

• Experience in regulations and directives including GDPR, EASA Part-IS, NIS2 Directive, Cyber Essentials Plus, etc.

• Security certifications (i.e., Security +, CISSP, etc.)

• IT Governance and Risk Management certifications (i.e., CISA, CISM, CRISC, etc.)

• Quality/ safety experience in aerospace or automotive industry

• Industry Experience working with/for EASA, US DOD, Commercial Airlines, and Aerospace OEMs

• Project management experience

What We Offer:

• Competitive salary

• Private Medical Insurance

• Health & Well-being Cash Plan

• Fantastic Pension Scheme which operates as a 2:1 match up to 10%

• Life Assurance

• 25 days annual leave plus bank holidays plus the ability to buy / sell up to 5 days each year

• Employee selectable top up benefits

• Peer Recognition awards

• And so much more

Apply now to learn more

*Please ensure the role type (defined below) is appropriate for your needs before applying to this role.

Remote: Employees who are working in remote roles will work primarily offsite (from home).  An employee may be expected to travel to the site location as needed. 

Key Words:

GDPR, EASA Part-IS, NIS2 Directive, Cyber Essentials Plus, ISO 27001, National Institute of Standards and Technology (NIST), , 800-53, CISSP, CISA, CISM, CRISC, CompTIA Security+

RTX adheres to the principles of equal employment. All qualified applications will be given careful consideration without regard to ethnicity, color, religion, gender, sexual orientation or identity, national origin, age, disability, protected veteran status or any other characteristic protected by law.  

Privacy Policy and Terms:

Click on this link to read the Policy and Terms