GE Jobs


Job Information

General Electric Regulatory Compliance Analyst in Cheltenham, United Kingdom

Job Description Summary

GE Aviation is seeking a strong candidate with technical breadth and depth to assist our Cyber Security team with regulatory compliance and information assurance activities. As a Regulatory Compliance Analyst, you will engage in all phases of interpreting regulatory and contractual requirements, mapping controls, assessing controls and advising Digital Technology and wider business teams on control implementation.

Job Description

Roles and Responsibilities

In this role, you will:

• Perform compliance assessments and data security governance reviews for internal and external service providers/product owners utilising established IT risk assessment frameworks and assessment programs

• Implement industry compliance frameworks and/or compliance regulations (HMG/UK MOD Requirements, ISO27001/2 Standards, UK/EU DPA/GDPR Personal Data Protection Requirements)

• Assist in the maintenance of UK Cyber Essentials Scheme certification / UK DCPP Cyber Security Model (CSM) and US CMMC compliance

• Complete Supplier Assurance Questionnaires (SAQs) and conduct Risk Assessments (RAs) as part of CSM and similar Supply Chain assurance processes

• Complete DART Accreditation/Assurance and Risk Balance Case Submissions in coordination with Infrastructure/Application Owners and UK MOD CyDR CySAAS

• Conduct Firewall/Security Compliance Reviews and contribute to Architectural Reviews

• Support Legal, Contract, Bid Teams and Functional Compliance Owners with contract reviews and customer/supplier negotiations – cybersecurity and information assurance compliance aspects

• Assist in coordination/response to MODCERT alerts/directives and submission of JSyCC Incident Reports

• Provide practical recommendations to infrastructure/application/product owners to remediate control gaps based on risks

• Work in close daily partnership with UK, US and International Digital Technology and Cyber teams across entire technology stack

• Work proactively as part of a cross-functional team engaging with, taking advice from and providing advice to: contracts, product, engineering, security, sourcing, legal, and compliance

• Establish operating rhythm to report out on key metrics including status of assessments and issue management

• Interpret regulatory and contractual requirements, stay current and utilise industry standards and best practices to drive improvements in overall security posture of infrastructure, applications and services

• Manage cyber-related audit activities, including responding to enquiries, scheduling SMEs, and acting as the point of contact for internal/external auditors

• Manage the documentation and response to regulatory compliance risk exceptions and acceptances to ensure the appropriate level of business oversight

• Support the UK ITSO

• Actively engage with key regulatory agencies, customers and participate in UK DIB trade association related groups to influence regulation and interpretation

Education Qualification

Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) or Vocational Equivalent, with advanced experience

Desired Characteristics

• Experience in designing, enhancing and implementing processes (lean experience a plus)

• CISSP/CISM/CISA certification – ISO27001 Lead Implementer/Auditor, MCIIS, ITPC, CCP or ex-CLAS a plus

• Experience in identification and remediation of security threats and risks

• Experience auditing technologies (e.g. Oracle ERP, Oracle Database, MS SQL, Windows, Unix, Linux, Cloud, etc)

• Familiar with HMG/MOD Information Assurance Standards and Requirements (e.g. HMG SPF/GovS-007, NCSC & CPNI Guidance, UK MOD JSP 440, JSP 604, DEFCON 658, DEFSTAN 05-138, etc) - familiarity with International Standards and Requirements (e.g. US NIST SP 800-53, SP800-171, CMMC, FAR/DFARS, NATO, OCCAR, AU DSD, etc) a plus

• Familiar with enterprise infrastructure designs and concepts including Authentication, Logging, Interconnectivity, Internet and Application Proxy, Cloud Computing, Data Centre Hosting, Application Code Security, Virtual Computing, Database Administration, Data Storage, Data Backup, Encryption, Middleware, Firewall Policy, Operational Technology, Network Segmentation, Mainframe, etc. - experience of NCSC architectural patterns and security principles a plus

• Strong functional team player with experience working seamlessly across a heavily matrixed structure

• Excellent interpersonal, written/verbal communication and leadership skills with the ability to quickly build credibility, influence and make recommendations to all levels

Flexible Working

GE supports and encourages flexible working arrangements, where possible, and recognises the benefits to employees of having a positive work-life balance.

Total Reward

At GE Aviation we understand the importance of Total Reward. Our flexible benefits plan, called FlexChoice, gives you freedom, choice and flexibility in the way you receive your benefits, as well as giving you the opportunity to make savings where possible.

As a new joiner to GE, we are pleased to be able to offer you the following as default in your benefit fund, which you can then tailor to meet your individual needs:

  • Non-contributory Pension

  • Life Assurance

  • Group income protection

  • Private medical cover

  • Holiday Hourly equivalent of 26 days, with flexible option to buy or sell

Right to Work

Applications from job seekers who require sponsorship to work in the UK are welcome and will be considered alongside all other applications. However, under the applicable UK immigration rules as may be in place from time to time, it may be that candidates who do not currently have the right to work in the UK may not be appointed to a post if a suitably qualified, experienced and skilled candidate who does not require sponsorship is available to take up the post. For further information please visit the UK Visas and Immigration website.

Security Clearance

Baseline Personnel Security Standard (BPSS) clearance is required and must be maintained for this role. Please note that in the event that BPSS clearance cannot be obtained, you may not be eligible for the role and/or any offer of employment may be withdrawn on grounds of national security. Please see the link below for further details regarding the requirements for BPSS clearance: https://www.gov.uk/government/publications/government-baseline-personnel-security-standard

UK Security Clearance

UK Security Clearance (SC) is required and must be maintained for this role. Candidates who do not meet the minimum requirements for UK Security Clearance are not eligible for this role on grounds of national security. If UK Security Clearance is not obtained, any offer of employment may be withdrawn on grounds of national security.

Additional Information

Relocation Assistance Provided: No
