How you’ll help us Keep Climbing (overview & key responsibilities)

The Sr. Security Engineer – Governance, Risk, and Compliance, is a creative, well-rounded communicator who excels at the strategy and the tactics necessary to ensure that the Information Security Governance team is effectively changing organizational behavior, fostering a secure culture, and reducing security risk through well documented and communicated policies, standards, and information security metrics. This is a people-focused position with an opportunity to create new processes and solutions and drive results within a team responsible for transforming the way Information Security supports our business and helps protect the information our customers, employees and business partners entrust to our care. We believe that Delta’s people play a critical role in our cyber threat defense and maintaining a vigilant and security-aware workforce is the best strategy for detecting and thwarting cyber-attacks, running a successful operation, serving our customers, and maintaining a world class workforce. In this role, you’ll partner closely with others in the Information Security Division to drive aligned results and solve the big problems.

Your Responsibilities in the role:
- Provide Policy and Standards subject matter leadership through the development and maintenance of Delta’s Information Security policies, standards, and procedures. Updating them annually, ensuring alignment with applicable frameworks and regulations and ensuring that they are clear and able to be understood at all levels of the organization – from technical teams to our frontline personnel.
- Improve Delta’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Manage human risk and develop a strong security-driven culture where security is part of every employee’s day-to-day operation and attitudes.
- Analyze and identify the top human risks to the organization and the behaviors that must change to mitigate those risks.
- Develop, review, implement, and maintain programs and initiatives to ensure all Delta people understand, acknowledge, and fulfill all applicable enterprise information security policies.
- Develop Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for a metrics dashboard to track and report operational capabilities, success factors, risks, threats, and compliance metrics to measure the effectiveness of Delta’s Information Security program.
- Identify process improvement/automation opportunities and innovate new ways of doing things and provide innovative risk-based insights to inform Information Security leadership.
- Communicate, and deliver, the value of Information Security to key stakeholders.
- Tackle “big” problems, provide options, and drive resolution.
- Work as a member of the broader GRC, IT and Delta teams.

Benefits and Perks to Help You Keep Climbing

Our culture is rooted in a shared dedication to living our values – Care, Integrity, Resilience and Servant Leadership – every day, in everything we do. At Delta, our people are our success. At the heart of what we offer is our focus on Sharing Success with Delta employees. Exploring a career at Delta gives you a chance to see the world while earning great compensation and benefits to help you keep climbing along the way:
- Competitive salary, industry-leading profit sharing program, and performance incentives
- 401(k) with generous company contributions up to 9
- New hires are eligible for up to 2-weeks of vacation. This is earned for use in the following vacation year (April 1 – March 31)
- In addition to vacation, new hires are eligible for up to 56 hours of paid personal time within a 12-month period
- 10 paid holidays per calendar year
- Birthing parents are eligible for 12-weeks of paid maternity/parental leave
- Non-birthing parents are eligible for 2-weeks of paid parental leave
- Comprehensive health benefits including medical, dental, vision, short/long term disability and life insurance benefits
- Family care assistance through fertility support, surrogacy and adoption assistance, lactation support, subsidized back-up care, and programs that help with loved ones in all stages
- Holistic Wellbeing programs to support physical, emotional, social, and financial health, including access to an employee assistance program offering support for you and anyone in your household, free financial coaching, and extensive resources supporting mental health
- Domestic and International space-available flight privileges for employees and eligible family members
- Career development programs to achieve your long-term career goals
- World-wide partnerships to engage in community service and innovative goals created to focus on sustainability and reducing our carbon footprint
- Business Resource Groups created to connect employees with common interests to promote inclusion, provide perspective and help implement strategies
- Recognition rewards and awards through the platform Unstoppable Together
- Access to over 500 discounts, specialty savings and voluntary benefits through Deltaperks such as car and hotel rentals and auto, home, and pet insurance, legal services, and childcare

What you need to succeed (minimum qualifications)

- Have exceptional communications skills and the ability to tell powerful and compelling stories through excellent writing skills, the ability to think and communicate clearly, formulate a clear point of view on complicated issues, and create a concise and well-written narrative. A natural teacher, good at putting points across engagingly and enthusiastically and inspiring employees to take an interest in information security.
- Demonstrated customer focus – evaluates decisions through the eyes of the customer; builds strong customer relationships and creates processes with customer viewpoint.
- Ability to create metrics, documentation, presentations, and procedures that communicate results effectively.
- Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
- Must have a high degree of initiative and the ability to manage multiple tasks, work under pressure and meet deadlines as required.
- Strong interpersonal, leadership, problem solving, prioritization, presentation, and facilitation skills with the ability to make recommendations to all levels of the organization.
- Demonstrated ability to work independently and with others.
- Experience with creating and writing security policies or standards in support of organizational security programs or system accreditations.
- Ability to interact confidently with various levels of technical and leadership positions.
- Proven experience (5+ years) in governance, risk, or compliance roles in one or more of the following frameworks: PCI-DSS, SOX, NIST 800-171, NIST 800-53, CIS
- Consistently prioritizes safety and security of self, others, and personal data.
- Embraces diverse people, thinking, and styles.
- Possesses a high school diploma, GED, or high school equivalency.
- Is at least 18 years of age and has authorization to work in the United States.

What will give you a competitive edge (preferred qualifications)

- Bachelor’s degree or higher in a relevant field (information systems, cybersecurity, communications, behavioral science, and/or computer science).
- Experience across Information Security and IT domains such as Governance, Risk, and Compliance, IT operations, incident response, identity and access management, penetration testing, vulnerability scanning, e-discovery & forensics, application development, infrastructure, or technical support
- Exposure to and familiarity with relevant standards such as ISO/IEC 27001 and 27002, NIST 800, and COBIT, and applicable laws related to information security and privacy (e.g., GDPR, PCI-DSS, SOX, HIPAA)
- Experience in developing executive presentations or status communications for multiple organization roles.
- A history of driving transformational change and building relationships across IT and the Business.
- Creative and visual skills including graphic, web, print and slide design
- Working knowledge of scripting languages (e.g., Python, PowerShell) for automating tasks
- Excellent analytical and problem-solving skills
- Meticulous attention to detail and accuracy
- CISSP, CISA, CISM, Security+ or other relevant security certifications.
- Experience with RSA Archer or equivalent GRC tool.