Security Contract Analyst - Third Party Risk Management
Company: Southwest Airlines Company
Posted on: February 15, 2019
**Overview** We are committed to provide our Employees a stable work environment with equal opportunity for learning and personal growth. Creativity and innovation are encouraged for improving the effectiveness of Southwest Airlines. Above all, Employees will be provided the same concern, respect, and caring attitude within the organization that they are expected to share externally with every Southwest Customer. We are committed to provide our Employees a stable work environment with equal opportunity for learning and personal growth. Creativity and innovation are encouraged for improving the effectiveness of Southwest Airlines. Above all, Employees will be provided the same concern, respect, and caring attitude within the organization that they are expected to share externally with every Southwest Customer. **Responsibilities** This Analyst will join the Risk and Compliance Team within Cybersecurity to support Third party risk management. This team works to ensure that we have the correct legal/technical language within each contract we enter with a vendor. This will involve working with a variety of team members across Southwest including Procurement, Technology SME's, and Stakeholders to identify risks and help protect and improve Southwest's security posture. **WORK ACTIVITIES/CONTEXT:** **Technical Expertise:** + Perform third party risk management activities such as supplier security assessments/reviews, contractual terms analysis, and ongoing monitoring of supplier adherence to security commitments. + Work with various Teams and/or external partners to contract at a moderate to advanced level with respect to contractual terms such as IP, data security, LOL, SLA development. + Effectively applies knowledge and skills of analysis, business processes, tools, domains, project methodologies, requirements definitions, and testing to solve a range of problems. + Partners with other Technology Teammembers to provide advice or solutions within his or her area of expertise. + Stays informed about current developments within his or her expertise such as IT security fundamentals across multiple domains, including (but not limited to) security management, access control, application development, operations security, physical security, cryptography, business continuity planning. **Analytical Expertise:** + Ability to assess adherence to security controls + Identifies problems, performs root cause analysis, investigates information, performs impact analysis, and formulates and executes plans to develop solutions. + Identifies strengths and weaknesses of alternative solutions, conclusions, or approaches to problems. + Understands and can estimate effort and value for solutions + Understands at a broad level how technology platforms/architectures are applied to automated business solutions. **Business Knowledge:** + Understands IT security assessment processes, including audit, and security policy and standards review. + Actively engaged in industry, domain, process, or technology trends. **Task Management:** + Ability to develop and manage structured third party risk identification and assessment + Acts as a coordination and facilitation point for organizing work efforts. + Sets up or follows established procedures to ensure high quality of work. + Understands dependency identification processes in technology work, verifies information and carefully reviews and checks the accuracy of own work. + Establishes or follows prioritization process to drive work, and has a sense of urgency about getting work completed. + Looks for and seizes opportunities to do more or to do things better. **Communication:** + Appropriately shares ideas and information with others. + Practices attentive and active listening. + Ensures that regular and consistent communications take place. + Expresses ideas as well as business or technical requirements clearly and concisely in writing using appropriate levels of summary and synthesis. + Expresses oneself clearly in conversation and interaction with others. + Must be able to meet any physical ability requirements listed on this description. + May perform other job duties as directed by Employee's Leaders. **Qualifications** **BASIC QUALIFICATIONS:** + High School Diploma, GED or equivalent education required. + Must be at least 18 years of age. + Must have authorization to work in the United States as defined by the Immigration Reform Act of 1986. **EDUCATION:** + BS, Business, Engineering, Computer Science, or Information Systems, or formal training preferred. **WORK EXPERIENCE:** + 2 - 4 years work experience as an Analyst or equivalent position required. + Experience performing contractual terms analysis related to IT services preferred + Experience performing supplier security assessments preferred + Privacy and PCI experience preferred. **PHYSICAL ABILITIES:** + May be asked on occasions to lift and/or pull weights loads of approx. 20 lbs. on a periodic basis. + May require extended work hours per Leaders' request. + May be asked to climb, bend, kneel, crawl, and stoop on a periodic basis. **SKILLS/ABILITIES/KNOWLEDGE/WORK STYLE:** **Core Knowledge:** + Proficient knowledge of business analysis, process modeling and redesign. + Proficient knowledge of technical environments. + Proficient knowledge of software development methodologies. **Critical Skills:** + Proficient partnering, communication, and negotiation skills in working with various Teams and/or external partners. + Able to analyze medium to large Business or technical problems, articulating the problem or root cause, and translating the analysis into viable solution recommendations. + Able to work effectively in a strong Customer service / team oriented environment. + Able to research, create, and document requirements, processes, and technical specifications. + Able to manage and prioritize multiple and widely varied work streams / tasks. + Able to take on multiple assignments, whether administrative or project related, while maintaining a successful level of completion in all responsible work. Able to mentor others to do the same. + Able to prioritize effectively. + Able to develop, present and effectively communicate ideas and strategies to a variety of audiences. + Able to teach and mentor others concerning technical and business subjects. ** ** + Must be able to comply with Company attendance standards as described in established guidelines. **OTHER QUALIFICATIONS:** + Limited travel with potential for increased/decreased travel based upon Technology Department needs. + Must maintain a well-groomed appearance per Company appearance standards as described in established guidelines. **_Southwest Airlines is an Equal Opportunity Employer._** **Requisition ID** _2019-27986_ **Category** _Corporate_ **Location** _US-TX-Dallas_ **Employment Type** _Regular Full-Time_ **Department** _20-Technology_It is also the policy of Southwest Airlines to provide equal opportunity to all individuals and not to discriminate on the basis of race, color, ancestry, religion, age, sex, sexual orientation, gender, gender expression, gender identity, pregnancy, marital status, national origin, genetic information, physical or mental disability, military or veteran status.
Keywords: Southwest Airlines Company, Dallas , Security Contract Analyst - Third Party Risk Management, Executive , Dallas, Texas
Didn't find what you're looking for? Search again!