General Electric Cyber and Risk Manager in Rugby, United Kingdom
Job Description Summary
The Staff Regulatory Compliance Analyst will be responsible for regulatory IT compliance tasks for new and existing non-commercial (e.g., GE Enterprise) products and processes for the Digital business organization.
Role Summary / Purpose:
The Director – Risk and Cyber Security is responsible for managing a comprehensive risk and cyber security program for the Power Conversion military and regulatory segments with a specific focus on UK, US, and France requirements. This role will develop and implement regulatory compliance programs to ensure adherence and compliance to government and regulatory standards and maintain required accreditations. The role is also responsible for developing and implementing processes and procedures to safeguard information systems and data while enabling the business to achieve their strategic objectives.
Define and develop a risk and cyber security program for Power Conversion’s military and government segments. Program elements include: security operations and incident response, data and asset protection, identity and access management, risk management, and vulnerability identification and remediation.
Achieve and maintain required regulatory certifications and/or accreditations as defined by business commercial goals.
Collaborate with business military regional leaders to develop and support required infrastructure, applications, and data protection requirements as defined by regulatory program guidelines.
Provide commercial support to business teams including translating and/or mapping third party requirements to internal program elements.
Partner across GE to adapt standard tools and procedures to specific regulatory requirements.
Partner with asset and application owners to ensure appropriate patching and/or remediation takes place on a timely basis for all Power Conversion assets and applications.
Oversee IT services provided by other GE organizations and third parties as they relate to the Risk and Cyber Security program.
Manage vendor-facing activities including RFP and SOW management, vendor negotiations, 3rd party resource onboarding, and ensuring vendors complete required deliverables as outlined in contractual agreements.
Manage project prioritization and successfully execute projects to agreed time, scope, budget and quality requirements.
Develop peer, cross-functional and cross-GE business relationships to maximize best practice sharing and team effectiveness to deliver and support quality initiatives.
Bachelor’s Degree in Computer Science or in “STEM” majors (Science, Technology, Engineering and Math) or equivalent.
Existing UK MOD clearance, or the ability to gain clearance in 6 months.
Two (2) years’ experience in IT, including experience in Risk, Compliance and Cyber Security programs.
Four (4) years’ experience managing IT Infrastructure and applications, including management of networks, servers, active directory, business applications, and client assets (both on premise and in cloud environments).
Resiliency and the ability to manage multiple priorities and evolving technical and regulatory requirements.
Experience in US, UK, and/or French Military / Government cybersecurity compliance and accreditation programs.
Experience in network security and related infrastructure technologies, cloud-based infrastructure, software defined networks and hybrid connectivity architectures.
Desire and proven ability to roll up sleeves and dig into technical aspects of the products.
Working knowledge of one or more risk control frameworks, processes and associated solutions architectures (e.g. NIST 800-53, ISO27000).
Experience with Cyber Essentials Plus certification process.
Experience in mapping industry and standards-based controls to various technology systems, products, ecosystems and platforms.
Formal certification in Security Management, including but not limited to, CompTIA Security+, CISSP, CPP, PCI, PSP, CISM, and/or CISA is a plus.
Relocation Assistance Provided: No