GRC Analyst II

CAMP Systems is the leading provider of aircraft compliance and health management services to the global business aviation industry. CAMP is the pre-eminent brand in its industry and is the exclusive recommended service provider for nearly all business aircraft manufacturers in the world. Our services are delivered through a "SaaS plus" model and we support over 20,000 aircraft on our maintenance tracking platform and over 31,000 engines on our engine health monitoring platform. Additionally, CAMP provides shop floor management ERP systems to over 1,300 aircraft maintenance facilities and parts suppliers around the world. CAMP has grown from a single location company in 2001, to over 1,600 employees in 14 locations around the world.

CAMP's relationships with business aircraft manufacturers, aircraft maintenance facilities, and parts suppliers place it in a unique position to understand how current offline information flows in the business aviation industry to introduce friction to the global market for business aviation parts and services. CAMP is building a digital business that will streamline the exchange of parts and services and create substantial value for both CAMP and the aviation industry at large.

CAMP is an exciting company to work for, not only because of its future growth prospects, but also because of its culture. Smart, motivated people, who want to take initiative, are given the opportunity and freedom to make things happen. CAMP is part of the Hearst Business Media portfolio. We are located in Merrimack, NH - an hour from Boston, and a half hour from the Massachusetts tech corridor.

Job Summary:

The Governance, Risk, and Compliance Analyst (GRC) is responsible for assessing and documenting the CAMP's compliance and risk posture as they relate to its information assets. The purpose of this position is to provide highly skilled technical and information security expertise for the development and implementation of the information security risk management program. Responsibilities require project management experience, as well as expertise to ensure effective system-wide security analysis; controls design, development and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.

Responsibilities:

• Assist the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
• Assist in the development of effective policies and practices to secure protected and sensitive data and ensure security and compliance with relevant certification, legislation and legal interpretation.
• Assist with the execution of several audits, compliance checks and external assessment processes for internal/external auditors, PCI, SOX, SOC2, NIST-CSF, ISO 27001, FAR/DFAR, CMMC etc.
• Work with Internal Audit, external auditors (3rd parties), legal team, customers, and partners on security assessments and audits.
• Coordinate and track all information technology and security related audits including scope of audits and business units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light.
• Provide guidance, evaluation and advocacy on audit responses.

Requirements:

• Bachelor's degree or equivalent combination of education and experience.
• Industry certifications such as CISSP, CRISC, CISM, or CISA are preferred
• 3+ years of direct information security experience, with a primary focus in risk and compliance.
• Strong knowledge of information security risk management frameworks (PCI, SOC2, NIST, SOX, etc.) and compliance practices.
• Strong eye for detail and ability to successfully manage third party audits, gather evidence and coordinate audit response.
• Ability to develop security standards and guidelines based on best practices and industry standards
• Familiarity with GRC tools methodologies and best practices
• Ability to leverage strong verbal, written communication skills to collaborate with cross-functional teams.
• Strong analytical and problem-solving skills capable of managing projects that drive business objectives.
• A team player with strong collaboration skills and the ability to work with minimal supervision.

CAMP is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer - vets/disabled

CAMP is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@campsystems.com.

All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity, disability or protected veteran status EEO.