Senior Manager of Governance, Risk & Compliance (GRC)

Englewood, CO, United States

Boeing

Welcome to the official corporate site for the world's largest aerospace company and leading manufacturer of commercial jetliners and defense, space and security systems. Learn about our passion for innovation, our products, careers and more.



Company:

Jeppesen Sanderson Inc

About Us: 

We are a premier global aviation software company, dedicated to delivering innovative solutions that shape the future of flight. Our technology supports critical operations worldwide, from flight navigation to crew planning and optimization. Join our passionate team as we navigate the complexities of an evolving industry, ensuring the security and integrity of our products and services. 

We are seeking an experienced and highly motivated Senior Manager of Governance, Risk & Compliance (GRC) L level to lead our GRC function within our newly integrated Security organization in a remote US position. This is a critical leadership role where you will be instrumental in shaping and maturing our cybersecurity posture using modern approaches. You will navigate the complexities of protecting critical data across a diverse technology landscape, encompassing both modern cloud platforms and legacy systems, on a global scale. 

Your primary focus will be on establishing a robust security governance framework, effectively managing information risk, and ensuring demonstrable compliance with a wide array of international cybersecurity standards (including mandatory adherence to ISO 27001 and CMMC requirements), global data privacy laws, and other relevant frameworks. You will champion cybersecurity resilience and also ensure adherence to vital aviation safety standards (e.g., FAA/EASA requirements) and airworthiness security standards (e.g., DO-326/DO-356 support), recognizing the critical link between data integrity, availability, and flight safety. 

This role requires a strategic thinker who can manage a diverse "Security Compliance Portfolio," balancing adherence to various critical standards and regulations. You will be essential in building a robust and efficient Security organization that enables our business objectives, fosters a culture of security and trust across our global operations, and effectively communicates our security posture to key airline customers. 

Position Responsibilities:

  • Lead the GRC team in developing, maintaining, and communicating enterprise-wide security policies, standards, and procedures with a clear focus on current and emerging global cybersecurity threats and best practices. 
  • Establish, manage, and mature the security risk management program, including conducting comprehensive enterprise cybersecurity risk assessments, overseeing Third-Party Risk Management (TPRM), and maintaining a unified risk register. 
  • Drive the implementation, ongoing management, certification, and continuous improvement of the Information Security Management System (ISMS) based on ISO 27001. 
  • Ensure and demonstrate compliance with a complex portfolio of relevant cybersecurity regulations and standards (e.g., ISO 27001, CMMC, NIST CSF) and major global privacy regulations (e.g., GDPR, CCPA, and other international frameworks). 
  • Support and ensure adherence to applicable aviation data standards (e.g., FAA LOA, EASA DAT, DO-200B) and airworthiness security standards (DO-326/DO-356 support). 
  • Manage and coordinate internal and external security and compliance audits (regulatory, customer, certification), driving remediation efforts and continuous improvement. 
  • Champion and integrate modern GRC methodologies, including automated governance tools and 'policy as code' principles, to enhance efficiency and effectiveness. 
  • Develop, deliver, and champion a comprehensive security awareness and training program for all employees to foster a strong security-conscious culture. 
  • Define data classification standards and associated handling requirements to protect sensitive corporate and customer information. 
  • Harmonize disparate policy sets and standardize risk management and compliance monitoring methodologies across the integrated Jeppesen and ForeFlight entities. 
  • Develop and manage an airline customer security assurance program, acting as a key liaison to address their security inquiries, articulate our security posture, and map internal (e.g., Jeppesen, ForeFlight) product and service risks to customer-relevant risks. 
  • Provide expert guidance to business and technology stakeholders on cybersecurity risks introduced by business and operational changes. 
  • Liaise effectively with Legal, Privacy Office, regulators (e.g., FAA, EASA, and other global authorities), auditors, and other internal stakeholders on all GRC matters. 
  • Oversee processes for managing data subject rights requests in accordance with applicable global privacy laws. 
  • Contribute to the continuous improvement of the overall cybersecurity program through robust measurement, metrics, and reporting to senior leadership. 

Key Objectives & Performance Indicators (Examples): 

  • Achieve and maintain demonstrable compliance with key cybersecurity (including ISO 27001, CMMC), privacy, and aviation regulations, evidenced by positive audit results and minimal regulatory findings. 
  • Timely development, approval, and adoption of harmonized security policies and standards across the integrated Jeppesen and ForeFlight entities. 
  • Demonstrable effectiveness of the risk management program, including the use of modern tools and techniques. 
  • Successful management and coordination of internal and external audits, with quantifiable improvement in audit findings and posture over time. 
  • Measurable improvements in employee security awareness and engagement across the organization. 
  • Successful maintenance and continual improvement of the ISO 27001 certified ISMS and adherence to CMMC requirements where applicable. 
  • Positive feedback and strengthened relationships with airline customers regarding security assurance. 

Join Our Team: 

If you are a GRC leader passionate about cybersecurity, experienced in global compliance, and ready to take on a strategic role in a complex and exciting industry, we encourage you to apply! 

Basic Qualifications (Required Skills/Experience):

  • 10-15 years of significant professional experience in information security or IT, with at least 5 years in a GRC leadership or managerial capacity within a global organization. 
  • Required deep expertise in cybersecurity governance, risk management, and compliance, with mandatory proven experience implementing, managing, and achieving/maintaining certification for Information Security Management Systems (ISMS) based on ISO 27001. 
  • Required demonstrable experience with the Cybersecurity Maturity Model Certification (CMMC) framework (and supporting standards like NIST SP 800-171) and its application in relevant environments. 
  • Strong understanding and practical experience with enterprise risk management methodologies and prominent cybersecurity frameworks (e.g., NIST CSF, NIST SP 800-53). 
  • Proven experience in developing, implementing, and enforcing effective security policies, standards, and procedures in a complex, global organization. 
  • In-depth knowledge of and experience applying major global data privacy regulations, including but not limited to GDPR, CCPA, and an understanding of the broader international privacy landscape. 
  • Experience with or strong understanding of modern GRC technology, automated governance tools, and 'policy as code' concepts. 
  • Experience managing comprehensive compliance programs and coordinating diverse audits (regulatory, customer, certification). 
  • Familiarity with aviation-specific regulations and standards (e.g., DO-326/DO-356/DO-200B set, FAA, EASA requirements) is a strong asset. 
  • Experience with vendor risk management processes, including the use of security assessment questionnaires and negotiating contractual security requirements. 
  • Demonstrated ability to develop and deliver engaging and effective security awareness and training programs that drive behavioral change. 
  • Excellent written and verbal communication skills, with the proficiency to articulate complex GRC concepts clearly and persuasively to diverse global audiences, including executive leadership and key customers. 
  • Relevant professional certifications such as CISSP, CISM, CISA, CRISC, or similar are highly preferred. 
  • Experience working in a highly regulated industry, preferably aviation or finance, is a significant advantage. 

Drug Free Workplace:

Boeing is a Drug Free Workplace where post-offer applicants and employees are subject to testing for marijuana, cocaine, opioids, amphetamines, PCP, and alcohol when criteria are met as outlined in our policies.

Pay & Benefits:

At Boeing, we strive to deliver a Total Rewards package that will attract, engage and retain the top talent. Elements of the Total Rewards package include competitive base pay and variable compensation opportunities. 

The Boeing Company also provides eligible employees with an opportunity to enroll in a variety of benefit programs, generally including health insurance, flexible spending accounts, health savings accounts, retirement savings plans, life and disability insurance programs, and a number of programs that provide for both paid and unpaid time away from work. 

The specific programs and options available to any given employee may vary depending on eligibility factors such as geographic location, date of hire, and the applicability of collective bargaining agreements.

Pay is based upon candidate experience and qualifications, as well as market and business considerations. 

Summary Pay Range: $161,500.00-$218,500.00

Language Requirements:

Not Applicable

Education:

Not Applicable

Relocation:

Relocation assistance is not a negotiable benefit for this position.

Export Control Requirement:

This is not an Export Control position.

Safety Sensitive:

This is not a Safety Sensitive Position.

Security Clearance:

This position does not require a Security Clearance.

Visa Sponsorship:

Employer will not sponsor applicants for employment visa status.

Contingent Upon Award Program

This position is not contingent upon program award

Shift:

Shift 1 (United States of America)

Stay safe from recruitment fraud! The only way to apply for a position at Boeing is via our Careers website.

Boeing is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status or other characteristics protected by law.

