IT Security and Compliance Analyst

Job Description:

The IT Security & Compliance Analyst supports and operationalizes the organization's global information security and compliance program in support of mission‑critical, safety‑sensitive, and highly regulated aviation operations. The role focuses on improving security operations, vulnerability management, audit readiness, identity governance, third‑party risk management, and overall security maturity across global IT environments.

Working closely with Infrastructure & Operations, Applications, and business stakeholders, the Analyst helps reduce enterprise risk, strengthen regulatory compliance, and ensure security controls are effective, repeatable, and defensible.

PRINCIPAL RESPONSIBILITIES:

Security Operations & Incident Response

• Monitor, analyze, and investigate security events using SIEM, EDR, email, cloud, and endpoint security tools.
• Coordinate incident response activities including containment, eradication, recovery, and post‑incident reviews.
• Maintain and improve incident response playbooks and track response metrics and corrective actions.

Vulnerability Management & Risk Reduction

• Coordinate vulnerability scanning and validation across infrastructure, endpoint, cloud, and application environments.
• Prioritize vulnerabilities based on severity, asset criticality, and exploitability.
• Track remediation SLAs, exceptions, and risk acceptances; report status and trends to stakeholders.

Identity, Access & Security Controls

• Support on‑premises and cloud identity platforms and secure authentication controls.
• Assist with joiner/mover/leaver processes, access reviews, and privileged access governance.
• Support enforcement of MFA, conditional access, and least‑privilege principles.

Compliance, Audit & Continuous Readiness

• Support internal and external audits including SOX ITGC, ISO 27001, NIST CSF, NIST 800-171, and contractual requirements.
• Maintain audit evidence, control documentation, and test artifacts.
• Support proactive control monitoring to reduce repeat audit findings.
• Assist with regulatory readiness including aviation‑specific security requirements (e.g., EASA Part‑IS).

Third‑Party & Supplier Security

• Support supplier security due diligence including questionnaires and review of SOC and ISO artifacts.
• Track vendor remediation actions and reassessment schedules for higher‑risk suppliers.
• Partner with Procurement and Legal to support security obligations in vendor contracts.

Resilience, Business Continuity & Awareness

• Support IT emergency response, disaster recovery, and business continuity planning and exercises.
• Assist with security awareness initiatives and targeted training programs.

PERSON SPECIFICATION: (minimum education requirements, key skills and experience)

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or equivalent professional experience.
• Security or audit‑related certifications preferred (CISSP, CISM, CISA, Security+, SSCP).

Experience:

• 3+ years of experience in cybersecurity operations, compliance, vulnerability management, or audit support.
• Practical experience supporting incident response, vulnerability remediation, and audit evidence production.
• Experience working with third‑party service providers and regulated environments is desirable.

Skills:

• Strong understanding of information security controls and operational risk management.
• Ability to translate security findings into clear remediation actions.
• Strong documentation, analytical, and stakeholder communication skills.
• Comfortable operating in regulated, mission‑critical operational environments.

Bristow Group is an Equal Opportunity Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.