Corporate CoreTech & Cyber
Performs cyber security assessments and information security audits utilizing established IT risk assessment framework and assessment programs. Conducts IT risk assessments to identify appropriate oversight tier and relevant IT controls. Utilizes risk based approach to plan & execute security assessments. Prepares assessment reports detailing review of the information security controls and control gaps. Engages with business stakeholders to re-mediate security findings & issues.
. Perform security controls reviews for the supply chain ecosystem based on the defined frequency
. Support ongoing cyber risk monitoring service using supplier rapid ratings tools
. Evaluate key security control metrics on an ongoing basis to identify anomalies
. Provide practical recommendations to remediate security findings and control gaps
. Engage business units, vendor management office and other stakeholders to remediate security findings and control gaps in a timely manner.
. Help coordinate across functions such as security, sourcing, legal, compliance and vendor management office.
. Stay current and utilize industry standards and best practices to drive improvements in overall security posture.
Minimum 2 years of experience in Information Technology and Risk & Compliance but typically 3+ years.
Bachelor's Degree in Information Technology, Computer Science, Information Assurance, Technology Risk or related field
• Developed strong foundation of skills and knowledge within one or more domains of Risk & Compliance (e.g. Risk Management, Technology Risk, Audit, etc.)
• Working knowledge of security tools & solutions (eg: endpoint security tools, encryption, DLP, anti-virus, network and system security
• Knowledge about general cloud security concepts
• Experience working on Third Party Security/Supply Chain Risk Management Program
• Experience performing IT Audits or Security Assessments
• Experience with industry accepted Information Security and IT governance standards (i.e. COBIT, ISO, NIST)
• Awareness or experience with industry regulations (i.e. HIPAA, DFARS, Export control, PCI)
• Proven ability to execute across multiple locations and stakeholder groups
• Ability to work cross functionally
• Excellent analytical / technical skills
• Interpersonal skills to manage stakeholders in a global environment and handle complex situations.
• Strong oral communication, business writing, presentation and facilitation skills
GE (NYSE:GE) drives the world forward by tackling its biggest challenges. By combining world-class engineering with software and analytics, GE helps the world work more efficiently, reliably, and safely. GE people are global, diverse and dedicated, operating with the highest integrity and passion to fulfill GE’s mission and deliver for our customers. www.ge.com