We are looking for a highly motivated, curious, independent, and analytical Sr. Security Engineer for the GRC IT Risk Management team. This role requires collaboration with key Information Security and Delta TechOps Information Technology partners to identify and evaluate aircraft technology-related risks, recommend effective risk remediation plans aligning to Delta’s standards, and evaluate security controls to identify deficiencies. In addition, this role will support non-aircraft related Information Security/IT risk assessment efforts on an as-needed basis.

YOUR RESPONSIBILITIES IN THIS ROLE:

As a Sr. Security Engineer of GRC IT Risk team, you will be responsible for:

• Owning successful collaborations between Information Security and Delta Tech Ops Information Technology stakeholders to identify, evaluate, and prioritize aircraft technology-related risks.
• Understanding Delta’s Information Security Standards and other aviation (or FAA) specific regulatory/industry standards.
• Leading the Aircraft Information Security Program (AISP) risk assessment projects and coach team members and stakeholders, as necessary.
• Promoting the importance of security controls and providing business value to the key stakeholders.
• Clearly communicate and educate the stakeholders to help reduce security gaps identified.
• Leading the coordination of control evidence gathering required for internal and external assessments, audits, regulatory requirements, and other needs.
• Perform security risk/attack surface/vulnerability analysis and security audits of Aircraft Information Security Program (AISP) related systems in adherence to relevant regulatory/industry standards.
• Tackle “big” problems, provide options, and drive resolution.
• Perform special projects as assigned that are not aircraft specific risk assessments, while effectively managing time with competing priorities.

• Competitive salary, industry-leading profit sharing program, and performance incentives
• 401(k) with generous company contributions up to 9
• New hires are eligible for up to 2-weeks of vacation. This is earned for use in the following vacation year (April 1 – March 31)
• In addition to vacation, new hires are eligible for up to 56 hours of paid personal time within a 12-month period
• 10 paid holidays per calendar year
• Birthing parents are eligible for 12-weeks of paid maternity/parental leave
• Non-birthing parents are eligible for 2-weeks of paid parental leave
• Comprehensive health benefits including medical, dental, vision, short/long term disability and life insurance benefits
• Family care assistance through fertility support, surrogacy and adoption assistance, lactation support, subsidized back-up care, and programs that help with loved ones in all stages
• Holistic Wellbeing programs to support physical, emotional, social, and financial health, including access to an employee assistance program offering support for you and anyone in your household, free financial coaching, and extensive resources supporting mental health
• Domestic and International space-available flight privileges for employees and eligible family members
• Career development programs to achieve your long-term career goals
• World-wide partnerships to engage in community service and innovative goals created to focus on sustainability and reducing our carbon footprint
• Business Resource Groups created to connect employees with common interests to promote inclusion, provide perspective and help implement strategies
• Recognition rewards and awards through the platform Unstoppable Together
• Access to over 500 discounts, specialty savings and voluntary benefits through Deltaperks such as car and hotel rentals and auto, home, and pet insurance, legal services, and childcare

• 5+ years of related experience including Information Security GRC with an emphasis on aviation specific security risk assessment experience.
• Ability to develop, execute, and deliver projects independently.
• The ability to execute multiple deliverables simultaneously by effectively prioritizing workload independently.
• Ability to clearly communicate complex risks and controls information to stakeholders outside of Information Security.
• Strong organizational and analytical skills with attention to detail and the ability to think strategically and drive long-term strategic planning, resource allocation, and continuous improvement.
• Demonstrate ability to be independent and self-motivated, while able to pivot to emerging priorities and navigate through ambiguous situations.
• Acquire and maintain a working knowledge of relevant laws, regulations, policies, standards, and compliance obligations.
• Leverage industry best practices for evaluating, implementing, and disseminating Information Security internal assessments, monitoring, detecting, and remediation.
• Work as a member of the broader GRC, IT and Delta teams. Do what’s right for Delta.
• Operate with integrity and a positive attitude.
• Drive awareness and knowledge of security.
• Consistently prioritizes safety and security of self, others, and personal data.
• Embraces diverse people, thinking, and styles.
• Possesses a high school diploma, GED, or high school equivalency.
• Is at least 18 years of age and has authorization to work in the United States.