Senior Governance, Risk, and Compliance (GRC) Process Analyst

Senior Governance, Risk, and Compliance (GRC) Process Analyst

Boeing is seeking a detail-oriented and analytical Senior Governance, Risk, and Compliance (GRC) Process Analyst to support governance, risk, and compliance initiatives for Infrastructure team at our Mesa, AZ; Dallas, TX; Colorado Springs, CO; Fort Walton Beach, FL; Jacksonville, FL; Miami, FL; North Charleston, SC; Ridley Park, PA; Portland, OR; Salt Lake City, UT; San Antonio, TX; Seal Beach, CA; Seattle, WA; or Berkeley, MO.

The ideal candidate will have experience in SOX compliance, vulnerability management coordination, risk assessments, security controls validation, and corporate/internal audit support.

This role will partner with Information Security, IT&O, Internal Audit, Compliance, SOX, External Audit, and Business stakeholders to ensure compliance with regulatory requirements, strengthen security posture, and maintain effective internal controls.

Position Responsibilities:

• Support the organization's GRC framework, policies, standards, and procedures
• Conduct risk assessments and maintain enterprise risk registers.
• Identify, assess, and track remediation of technology and cybersecurity risks
• Assist in third-party/vendor risk assessments and compliance reviews
• Monitor compliance with internal policies and regulatory requirements
• Support ITGC (IT General Controls) and SOX compliance activities
• Coordinate control testing, evidence collection, and remediation tracking
• Work with control owners to ensure Design effectiveness and operational effectiveness of SOX controls
• Assist during external and internal SOX audits
• Maintain documentation for SOX controls, narratives, and process flows
• Coordinate vulnerability management activities with infrastructure teams
• Track remediation of identified vulnerabilities and security findings.
• Support periodic access reviews and security compliance assessments
• Act as liaison between IT/Security teams and Internal/External Auditors
• Prepare audit evidence and coordinate audit requests.
• Track audit findings and remediation plans through closure
• Assist with audit readiness initiatives and continuous monitoring activities
• Develop dashboards, metrics, and compliance reports for management
• Maintain accurate documentation for risks, controls, findings, and remediation efforts
• Support policy and procedure reviews and updates
• Support automation for SOX controls by identifying the scope and recommend all possible options for automation
• Directs activities to define, deploy, evaluate and support common computing standards, IT processes, tools and process/performance metrics
• Leads activities to define plans to support common standards and processes. Identifies qualitative and quantitative improvement measures
• Advises on the selection of key parameters and standards to monitor progress. Leads the definition, development and deployment of common process requirements and infrastructure products and services
• Directs activities to educate and promote use of Boeing IT common processes, methodologies, products and services.
• Leads, consults and coaches in common processes for software development and maintenance
• Leads the review and evaluation of new technology for software process impact. Supports and integrates architecture mapping to common processes

Basic Qualifications (Required skills/experience):

• 5+ years of experience in Governance, Risk, and Compliance (GRC), Information Technology (IT) Audit, Information Security, vulnerability management, and Compliance
• 5+ SOX ITGC, Security Controls, Vulnerability Management processes, Audit lifecycle and compliance practices
• 3+ Experience with Governance, Risk, and Compliance (GRC) tools such as ServiceNow GRC, Audit Board, and CAIRO
• 3+ years with infrastructure experience including network, database, operating systems, IAM, change management, and periodic reconciliations
• 3+ years of industry security standards experience, such as NIST, ISO 27001, COBIT, and OWASP
• 3+ years in risk management
• 3+ years in root cause corrective analysis
• 5+ years of managing multiple competing priorities
• 5+ years of experience in consulting or in a strategic role that influences the business
• Must have excellent communication and presentation skills

Preferred Qualification (Desired skills/experience):

• 10 or more years' related work experience or an equivalent combination of education and experience
• 10+ years of experience in GRC, IT Audit, Information Security, vulnerability management, and Compliance
• 10+ SOX ITGC, Risk Management methodologies, Security Controls, Vulnerability Management processes, Audit lifecycle and compliance practices
• 5+ Experience with GRC tools such as ServiceNow GRC, Audit Board, and CAIRO
• 10+ years hands on experience with Governance, Risk, and Compliance (GRC) experience
• 5+ years with infrastructure experience including network, database, operating systems, IAM, change management, and periodic reconciliations
• 5+ years of industry security standards experience, such as NIST, ISO 27001, COBIT, and OWASP
• 5+ years in risk management
• 5+ years in root cause corrective analysis