Analyst Cybersecurity Risk

Position Summary The Cybersecurity Risk & Metrics Analyst supports JetBlue’s Cybersecurity Risk Management program by identifying, assessing, tracking, and reporting risks across the enterprise. This role contributes to the governance and execution of risk processes, including Enterprise Cybersecurity Risk Management (ECRM), Third-Party Risk Management (TPRM), and Risk Exception Management. The ideal candidate is a detail-oriented, analytical professional who can navigate complex environments and translate technical and business information into actionable insights. Essential Responsibilities • Perform qualitative and quantitative cybersecurity risk assessments across business units, systems, and projects in alignment with the Cybersecurity Risk Management Framework. • Develop dashboards and reportsfor multiple audiences (e.g., CISO, senior leadership, operational teams), ensuring clarity, accuracy, and consistency across functions. • Provide monthly and quarterly risk reporting inputs to the Enterprise Risk Management function andcontribute cybersecurity perspectives to board-level or regulatory reporting. • Working knowledge ofdata visualization toolssuch as Power BI, Tableau, Splunk, or ServiceNow Performance Analytics. • Experience translating complex cybersecurity data into clear, actionable insights forbusiness and technical audiences. • Experience querying and transforming data usingSQL and/or SPL (Splunk Processing Language)for use in dashboards, metrics, or reporting workflows. • Support the identification and management of inherent and residual risk using defined control categories and compensating measures. • Partner with business stakeholders, technology teams, and external partners to assess cyber risks associated with third-party relationships. • Maintain and mature the Third-Party Risk Management lifecycle, including vendor onboarding, risk reviews, due diligence, and re-assessments. • Monitor and track risk exceptions and compensating controls; ensure risk acceptance processes are documented and approved in accordance with governance policies. • Develop and maintain risk metrics, dashboards, and executive-level reporting to communicate the risk posture of JetBlue’s cyber environment. • Collaborate with Internal Audit, Compliance, and IT teams to ensure risks are accurately captured and aligned with enterprise risk practices. • Maintain familiarity with emerging cybersecurity risks, regulatory requirements, and industry best practices. • Share your knowledge and expertise with team members, fostering a collaborative and learning-oriented environment. • Participates in Project Management activities and the enterprise architecture reviews to drive overall technology direction for JetBlue. • Other duties as assigned. Minimum Experience and Qualifications • Bachelor’s degree in Cybersecurity, Information Security, Information Systems, Risk Management, or a related field; OR demonstrated capability to perform job responsibilities with a combination of a High School Diploma/GED and at least four (4) years of previous related work experience. • One (1)+ year(s) of experience in cybersecurity, risk management roles. • One (1)+ year(s) of information security experience. • Foundational knowledge of cybersecurity frameworks such as NIST CSF, ISO 27001, and risk methodologies such as FAIR. • Experience working with risk assessment platforms and Governance, Risk, and Compliance (GRC) tools (e.g., Archer, ServiceNow GRC, or similar). • Strong analytical, documentation, and communication skills. • Ability to build relationships and collaborate across technical and business team. • Must be able to work in a team environment as a productive and cordial team player. • Must be able to multi-task and prioritize in a fast-paced multi-team environment. • Ability to present to a variety of audiences. • Ability to work to deadlines with quick turnaround. • Ability to handle confidential information with professionalism and diplomacy. • Available for overnight travel (10%). • Must pass a pre-employment drug test. • Must be legally eligible to work in the country in which the position is located. • Authorization to work in the US is required. This position is not eligible for visa sponsorship. Preferred Experience and Qualifications • Industry certification such as CRISC, CISSP, CISA, or Security+. • Proficiency in usingSQL (e.g., Snowflake, SQL Server, Postgres)orSPL (e.g., Splunk)to extract, aggregate, and structure cybersecurity data from multiple systems for reporting purposes • Familiarity with mature cybersecurity programs challenges and regulatory environment in aviation finance, retail or similar industries. • Understanding of third-party risk assessment standards (e.g., SIG, CAIQ, or TPRM frameworks). • Exceptional communication skills with diverse audiences - Strong critical thinking and analytical skills. • Excellent teaching, problem-solving, communication, and interpersonal skills. Crewmember Expectations: • Regular attendance and punctuality. • Potential need to work flexible hours and be available to respond on short-notice. • Able to maintain a professional appearance. • When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of the aircraft. • Must be an appropriate organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Passion and Fun. • Promote JetBlue’s #1 value of safety as a Safety Ambassador, supporting JetBlue’s Safety Management System (SMS) components, Safety Policy and behavioral standards. • Identify safety and/or security concerns, issues, incidents or hazards that should be reported and report them whenever possible and by any means necessary including JetBlue’s confidential reporting systems (Aviation Safety Action Program (ASAP) or Safety Action Report (SAR)). • The use of ChatGPT or any other automated tool during the interview process will disqualify a candidate from being considered for the position. Equipment: • Computer and other office equipment. Work Environment: • Traditional office environment. Physical Effort: • Generally not required, or up to 10 pounds occasionally, 0 pounds frequently (Sedentary). Compensation: • The base pay range for this position is between $68,000.00 and $112,000.00 per year. Base pay is one component of JetBlue’s total compensation package, which may also include access to healthcare benefits, a 401(k) plan and company match, crewmember stock purchase plan, short-term and long-term disability coverage, basic life insurance, free space available travel on JetBlue, and more. LI-AC1 #LI-Hybrid