US Cyber Security Officer (Remote)

Fantastic challenges. Amazing opportunities.

GKN Aerospace is reimagining air travel: going further, faster and greener! Fuelled by great people whose expertise and creativity sets the standards in our industry, we’re inspired by the opportunities to innovate and break boundaries. We’re proud to play a part in protecting the world’s democracies. And we’re committed to putting sustainability at the centre of everything we do, opening up and protecting our planet. With over 16,000 employees across 33 manufacturing sites in 12 countries we serve over 90% of the world’s aircraft and engine manufacturers and achieved sales of £3.35 bn.in 2023. There are no limits to where you can take your career.

The role of Cyber Security Officer is responsible for interpreting regulatory and contractual requirements, mapping controls, assessing controls and advising IT/OT and business teams on control implementation. The Cyber Security Officer is expected to support activities for security risk management, reporting, policy lifecycle, training and awareness, governance, risk and compliance program delivery, and third-party risk management. This position will be collaborating with stakeholders across various business departments such as IT, Legal and Compliance, and HR to ensure risks are managed effectively and efficiently in accordance with company policies and applicable requirements.

Risk and Compliance:

• Assist in maintaining US Defense certification and accreditation.
• Support risk identification, assessment, response, mitigation, control monitoring, and reporting.
• Gather and evaluate information for auditors, regulators, and compliance partners.
• Develop and perform tests to evaluate key controls.
• Review test findings, identify control weaknesses, and recommend actions.
• Support issue management, risk acceptances, and corrective action programs.
• Deliver high-quality reporting and communicate effectively in technical and business terms.
• Support workforce security activities, including culture, awareness, and training.
• Coordinate and respond to alerts and directives, and submit incident reports.
• Coordinate local incident response activities and liaise with security operations, business, regulators, and third parties.
• Complete supplier assurance questionnaires and conduct risk assessments.

Governance:

• Develop, implement, and maintain governance, risk, and compliance processes.
• Improve security framework, methodology, standards, and internal controls.
• Report findings, track status, and ensure corrective actions.
• Support operational reporting, management communications, and executive governance committees.
• Lead continuous improvement initiatives.
• Maintain relationships with auditors, regulators, and compliance partners.

GRC Systems Administration:

• Support operation and administration of GRC systems for Cyber Security and IT.
• Develop and configure GRC system services and improvements.
• Specialize in questionnaires, workflows, reports, and dashboards.
• Serve as a resource to Cyber Security, IT/OT, and business teams on GRC matters.

Safety First:

• Follow all HSE rules and regulations.

Join our team to enhance our governance, risk, and compliance processes and contribute to our continuous improvement initiatives!

• Bachelor's degree in a technology-related field or equivalent experience.
• 3+ years of experience in security and compliance which includes experience in cyber security governance, risk, and compliance management, as well as awareness of cyber threats and vulnerabilities.
• Proficiency in writing policies, procedures, and controls for various standards and frameworks, andthe ability to work inlarge, highly regulated environments.
• Proven knowledge of aerospace regulations and export control requirements and understanding of risk management processes.
• Provenexperience in CMMC andNIST SP 800-171, NIST SP 800-53Frameworks.
• Experience in coordinating third-party assessments.
• US Person per ITAR regulations to comply with export compliance requirements.

Preferred Qualifications:

• Capability to work independently and handle ambiguity.
• Knowledge of computer networking concepts and network/system security methodologies.
• Familiarity with RMF for US DoD security programs and risk management practices.
• Understanding of NISPOM, JSIG, ICD 503, and DCSA DAAPM.
• Knowledge of DISA STIG or equivalent implementation guidance.
• Professional security certifications like CISSP, CISM, or similar.

We’ll offer you fantastic challenges and amazing opportunities. This is your chance to be part of an organisation that has proven itself to be at the cutting edge of our industry; and is committed to pushing the boundaries even further. And with some of the best training on offer in the industry, who knows how far you can go?

A Great Place to work needs a Great Way of Working

Everyone is welcome to apply to GKN. We believe that we can only achieve our ambitions through a coming together of diverse minds who enjoy collaborating in an inspirational environment. Through our commitment to diversity, inclusion and belonging and by living our five powerful principles we’ve created a culture where everyone feels welcome to contribute. It’s a culture that won us ‘The Best Workplace Culture Award’. By embracing and celebrating what makes us unique we encourage everyone to bring their full self to work.

We’re also committed to providing an accessible recruitment process, so if you require reasonable adjustments at any stage during our recruitment process please get in touch and let us know.

We arethe place where human dreams, plus humanendeavour, shape the future of aerospace innovation and technology.