Security Risk Leader, GE Power

Boston, Michigan
29 Oct 2016
12 Jan 2017
Oil and Gas
Contract Type
Full Time
As our new Security Governance & Risk Leader, you will provide ownership and strategic direction on SOX controllership, identity and access management, and governance to standards such as ISO 27002 across GE Power. Reporting to the Chief Information Security Officer, GE Power, this Security, Governance and Risk Executive will lead a team of approximately 30+ (including contractors) across these critical functional areas.

Essential Responsibilities

As our new Security Governance & Risk Leader you will:
  • Develop a GE Power Risk Security strategy and lead implementation for business security governance, controllership, identity and access management, regulatory and policy programs.
  • Maintain ISO governance and compliance program for GE Power
  • Be responsible for IT controllership and to create a risk based strategy for validation of Sarbanes-Oxley controls and Critical Systems compliance
  • Provide content and deliver various status updates for key stakeholders including but not limited to P&L leaders, Corporate and P&L Sarbanes-Oxley application teams and control owners
  • Ensure identity and access management requirements are met, including lifecycle of user and functional access for all levels of Power's most critical systems (application, database and server/OS layers) including Sarbanes Oxley and Global Export Control requirements
  • Build and lead a multi-function organization, ensuring that individual, team and program goals support the overall organizational mission and support GE transformation initiatives
  • Lead the decision-making process and drive progress against goals through engagement and consensus building with colleagues and business partners to align on priorities, plans and tactics to accomplish the GRC objectives.
  • Develop, support and enforce Information Security Policy, Standards, and Guidelines for business operations and technology implementations.
  • Communicate and present to executive leadership
  • Define regulatory requirements for Power
  • Support a large and complex GE Power organization in 150+ countries, which includes Power Generation, Water Technologies, Gas/Steam Engines, and Nuclear Energy
  • Prioritize and work under tight time constraints


    Basic Qualifications
  • Bachelor's degree in Information Systems, Information Technology, Computer Science or Engineering or related discipline
  • Minimum of 10+ years of experience in IT infrastructure, Security and/or Compliance and a deep understanding of information security fundamentals and general security technologies.
  • Minimum of 8 years' experience in and demonstrated knowledge of SOX Controllership, security and risk frameworks including: ISO 2700x, NIST 800.

    Eligibility Requirements
  • Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.
  • Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen.
  • Ability and willingness to travel, as required.

    Additional Eligibility Qualifications

    GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen.

    Desired Characteristics

  • Previous experience in the IT Compliance or Security Fields
  • Sarbanes-Oxley experience
  • Knowledge/experience with identity, access management principles and/or technology (e.g. IDM, Domains, DBA roles, etc.)
  • Public Accounting experience with "Big 4" public accounting firm
  • Experience working in an environment with export control requirements
  • Strong familiarity with Linux and Windows operating systems
  • Specific experience with IT Security policies, standards, and risk
  • Broad background in the following areas: computer / OS security, network security, hardware security, firmware security, and embedded platform security
  • Exposure to Industrial Control Systems and SCADA security
  • Experience working in a global environment with offshore support teams
  • Familiarity with DoD and DoE security requirements
  • Green Belt / Black Belt Certified (Internal Only)
  • Demonstrated initiative to stay abreast of technology and security advancements
  • Excellent communication, analytical, problem solving, negotiation and presentation skills.
  • Experience with security architecture and design
  • Industry-recognized security certification such as CISSP, CISM, CISA, or CCIE - Security, Certified Information Systems Auditor or Certified Public Accountant