Why Work for Frontier Airlines?
At Frontier, we believe the skies should be for everyone. We deliver on this promise through our commitment to Low Fares Done Right. This is more than our tagline - it’s our driving philosophy. Every member of Team Frontier has an important role to play in bringing this vision to life. Our successful business model allows travelers to take advantage of our fast-growing route network while our bundled and unbundled pricing options allow our customers to personalize their travel experience and only pay for the services they need – saving them money along the way.
What We Stand For
Low Fares Done Right is our mission and we strive to bring it to life every day. Our ‘Done Right’ promise means delivering not only affordable prices, but making travel friendly and easy for our customers. To do this, we put a great deal of care into every decision and action we take. We must be efficient with the use of our resources and make smart decisions about how we run our business. We must also innovate and be pioneers - we’re not afraid to try new things. While our business requires us to fly high in the air, we also consider ourselves down-to-earth in our approach, creating a warm and friendly experience that truly demonstrates Rocky Mountain Hospitality.
Work Perks
At Frontier, we like to think we’re creating something very special for our team members. Work is why we’re here, but the perks are nice too:
- Flight benefits for you and your family to fly on Frontier Airlines.
- Buddy passes for your friends so they can experience what makes us so great.
- Discounts throughout the travel industry on hotels, car rentals, cruises and vacation packages.
- Discounts on cell phone plans, movie tickets, restaurants, luggage and over 2,000 other vendors.
- Enjoy a ‘Dress for your Day’ business casual environment.
- Flexible work schedules that support work/life balance.
- Total Rewards program including a competitive base salary, short term incentives, long-term incentives, paid holidays, 401(k) plan, vacation/sick time and medical/dental/vision insurance that begins the 1st of the month following your hire date.
- We play our part to make a difference. The HOPE League, Frontier Airlines’ non-profit organization, is dedicated to providing employees financial assistance during catastrophic hardship.
Who We Are
Frontier Airlines is committed to offering ‘Low Fares Done Right’ to more than 100 destinations and growing in the United States, Canada, Dominican Republic and Mexico on more than 350 daily flights. Headquartered in Denver, Frontier’s hard-working aviation professionals pride themselves in delivering the company’s signature Low Fares Done Right service to customers. Frontier Airlines is the proud recipient of the Federal Aviation Administration’s 2018 Diamond Award for maintenance excellence and was recently named the industry’s most fuel-efficient airline by The International Council on Clean Transportation (ICCT) as a result of superior technology and operational efficiencies.
What Will You Be Doing?
The IT Governance, Risk, & Compliance (GRC) Analyst will support the technology risk management program, providing risk oversight to the technology and cybersecurity teams. The IT GRC Analyst will play a key role in the success of the airline, by aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected. The IT GRC Analyst will support risk management initiatives to ensure regulatory alignment to PCI, SOX, TSA, and data privacy standards/regulations. The analyst will implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The analyst will have a unique opportunity to partner and engage with departments across the organization, including Cybersecurity, IT, Legal, HR, Internal Audit, Finance, and other business teams.
Essential Functions
- Make an impact on the organization’s security program and services through experience with various cybersecurity concepts including data governance, risk management, metrics, audit, policy, and standards development.
- Partner with Finance, Accounting, and Internal Audit teams to understand our processes and how technology controls fit into those processes.
- Collaborate with the IT/Cybersecurity team members, application owners, control owners, and stakeholders to achieve successful results and ensure testability.
- Act as liaison with internal and external auditors for regulatory audits/assessments, facilitating meetings, walkthroughs, and discussion of remediation activities for identified deficiencies.
- Support control activity functions related to User Access Reviews, Privileged User Reviews, and Password Parameter reviews.
- Assist in conducting management audits, producing reports with recommendations for remediation and improvement.
- Support development and implementation of security policies, procedures, and documented security controls.
- Maintain a regulatory (PCI/SOX/TSA) control database, inventorying control ownership, control objectives, and testing objectives.
- Support and drive remediation processes to address issues identified in security assessments, control reviews, audits, and/or other assessments.
- Support key operations of due diligence, on-going monitoring, and risk exception/waiver management.
- Support the delivery of risk metrics that measure overall cybersecurity risk exposure, and work with key stakeholders to define target thresholds, and report on results.
- Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cybersecurity and Data Governance program initiatives.
- Support the execution of the general data privacy assessment processes (including third-party assessments), internal control reviews, and risk assessments to monitor compliance with IT and cybersecurity policies/standards.
- Demonstrate and apply knowledge of privacy and data protection regulation and laws to the environment, such as the CCPA, GDPR, CPRA, HIPAA, GLBA, and CDPA.
- Support development and dissemination of cybersecurity training and awareness for organizational users, administrators, and developers.
- Assist in the management and maintenance of the enterprise-wide Cybersecurity Awareness Program which includes phishing simulations, computer-based training, proactive communications on latest threats, workshops, bulletins, and newsletters.
- Support controls required pre-contracting with vendors, contractors, and/or suppliers, as well as post-contract from an ongoing monitoring perspective.
- Perform assessments on our Third Parties, aimed at reducing organizational risk from a cybersecurity perspective.
- Support the delivery of relevant and actionable reporting/presentations to stakeholders and executive management.
- Monitor and review regulatory updates and issues relative to pertinent security regulatory requirements (such as CCPA, TSA, PCI, and SOX) and escalate findings appropriately.
- Performs other related duties as assigned.
Qualifications
- Bachelor’s degree required in either: Business, Finance, Computer Science, Engineering, IT, or similar field.
- 3+ years’ experience in vendor risk management, IT risk management, and/or data privacy role.
- 2+ years’ experience working in a GRC analyst, IT audit, IT compliance, and/or controls assurance role.
- Ability to develop policies, standards, and procedures in compliance with laws, regulations, and industry best practices in support of organizational cyber activities.
- Preferred, but not required:
  - Experience with the airline industry a plus.
  - Hold an active GRC certification, such as CISSP, CISA, CISM, CRISC, CRMA, or GIAC.
  - Big-4 accounting firm experience is a plus.
Knowledge, Skills And Abilities
- Experience with risk management as it relates to Cybersecurity.
- Experience with security audits.
- Experience in controls testing in line with SOX frameworks.
- Experience developing cybersecurity and IT controls, policies, and procedures.
- Proficient in developing and maintaining policies, standards, and guidance artifacts.
- Experience identifying, tracking, reporting and remediating IT/Cyber procedural and technical risk.
- Strong understanding of implementing effective control and/or mitigation options to manage security risks.
- Display a working knowledge of SOX IT General Controls (ITGC) requirements.
- Proven ability to plan and execute ITGC testing and subsequent status reporting.
- Knowledge of industry frameworks, regulations, or contractual rules such as PCI-DSS, HIPAA, NIST, ISO, ITIL, GDPR, COSO, COBIT, and SOC1/2.
- Knowledge of industry trends and current and emerging risks.
- Ability to facilitate a climate of cohesiveness, cooperation, and teamwork.
- Self-directed professional with strong work ethics and excellent organizational skills.
- Exceptional consultative and interpersonal skills that have resulted in business relationships of impeccable trust, confidence, and results.
- Ability to work in a fast paced, sometimes stressful team environment with the ability to adapt to new, different, or changing situations.
- Familiarity with working cross departmentally (Internal Controls, Finance, Accounting, People).
- Very strong analytical skills.
- Excellent verbal, written, and presentation skills.
- Proficient in Microsoft Office suite of applications (Word, Excel, PowerPoint, Access, SharePoint, etc.).
Equipment Operated
Experience using GRC, third-party risk management, and identity access & governance platforms.
Work Environment
Typical office environment, adequately heated and cooled.
Physical Effort
Light physical effort required by handling objects up to 20 pounds occasionally and/or up to 10 pounds frequently.
Supervision Received
General Direction: The incumbent normally receives little instruction on day-to-day work and receives general instructions on new assignments.
Positions Supervised
Does not supervise resources.
Salary Range
$72,000.00 - $96,331.00
Please note: this posting has a closing date of 1/30/2025, midnight MT.
Workplace Policies
At Frontier Airlines, we wholeheartedly support and have a strong commitment to Equal Employment Opportunity (EEO) and Affirmative Action. Frontier is committed to providing equal employment opportunities for all persons regardless of race, color, religion, gender, gender variance, sexual orientation, age, genetic information, marital status, national origin, citizenship status, disability, military, veteran status, and any other basis protected by federal, state, or local laws.
Diversity is an essential part of our success. Our company flourishes because of the unique backgrounds, skills and ideas that our team members contribute every day. We salute and actively recruit veterans. Military experience is valuable and transferable to many of the positions essential to the operations of our airline.
Frontier Airlines is a Zero Tolerance Drug-Free Workplace. All prospective DOT safety-sensitive employees are subject to pre-employment testing for the following drugs and their metabolites: Marijuana, Cocaine, Amphetamines, Opioids and Phencyclidine (PCP). Further, any DOT safety-sensitive job applicant who is found to have tested positive on any required drug or alcohol test at a former employer will be considered ineligible for employment with Frontier.
Disclaimer: The above statements are intended only to describe the general nature and level of work required of the referenced position; they are not intended to be an exhaustive list of all responsibilities, duties, and skills required of individuals in this position. Please be advised that duties and expectations of this position may be subject to change.
Colorado Residents: In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.