Technology Compliance Program Manager

Guided by our purpose, core values, and leadership principles, we are creating an airline people love. Our corporate teams set the strategies and operational plans to ensure the success of our company. Whether we use our expertise in accounting, human resources, finance, planning, legal, marketing, or any of our operational divisions, our shared passion for travel and our guests is what motivates us to achieve excellence each day. If you share our passion for creating an airline people love, we want to hear from you.

The Technology Compliance Program Manager is the primary subject matter expert in the technology compliance and vulnerability management domain. As an individual contributor, this role defines long-term strategy for the identification, assessment, prioritization, and remediation of security vulnerabilities across our technology environment and exercises considerable latitude and initiative to solve broad, complex problems.

• As the lead subject matter expert in technology compliance, ensure the vulnerability management program aligns with regulatory requirements (e.g., PCI-DSS, HIPAA, NIST, ISO 27001) and integrate with other security tools such as SIEM, CMDB, and ticketing systems.
• Define long-term strategy for developing, implementing, and continuously improving the enterprise vulnerability management strategy and roadmap.
• Influence across company and several levels up to execute on IT assessments focusing on compliance with information security policy, procedures and standards.
• Manage and optimize vulnerability management tools (e.g., Tenable, Qualys, Rapid7, etc.) to continuously improve the internal audit and risk management review.
• Consult Alaska Air Group divisions, IT departments and project resources regarding the development, management approval, and implementation of objectives, goals, policies, standards, guidelines, and other requirement statements needed to support information security compliance throughout the company.
• Serve as the primary point of contact between penetration testers and internal stakeholders, ensuring clear scope definition, rules of engagement, and minimal business disruption.
• Define and track key performance indicators (KPIs) and metrics to measure program effectiveness.
• Analyze and track findings, validate results, and work with relevant teams to prioritize and remediate identified vulnerabilities.
• Manage execution of timely delivery of reports to leadership and stakeholders, maintain documentation, and integrate findings into the broader vulnerability management lifecycle.
• Oversee regular vulnerability scanning and assessments across infrastructure, applications, and cloud environments.
• Facilitate, schedule, and coordinate internal and third-party penetration tests across applications, networks, and cloud environments.
• Maintain documentation and evidence for audits and compliance reviews.

Required

• 7 years of experience in IT Security and Compliance, or related area.
• Bachelor’s degree in Information Security, Information Technology, Computer Science or related field, or an additional two years of relevant training/experience in lieu of this degree.
• Experience in project management, including all elements of scope, schedule, budgeting, risk evaluation, quality, integration, staffing, and communications.
• Knowledge of security regulations (e.g. Sarbanes-Oxley, Payment Card Industry Data Security Specification [PCI DSS], Health Insurance Portability and Accountability Act [HIPAA]) and standards (e.g. ISO 27001, NIST SP800-series).
• Excellent clear and concise verbal and written communication skills.
• High school diploma or equivalent.
• Minimum age of 18.
• Must be authorized to work in the U.S.

Preferred

• Industry certification in security (e.g. CISA, CISSP, and/or GIAC).
• Industry certification in project management (e.g. PMP).
• 2 years experience leading people.
• Demonstrated knowledge and experience in information security, software development and/or network security for large organizations.
• Detailed technical knowledge in security engineering, system and network security, authentication and security protocols.

Embody our values to own safety, do the right thing, be caring and kind, and deliver performance.

Pay will be based on multiple factors, including and not limited to location, relevant experience/level and skillset while balancing internal equity relative to other Alaska/Horizon employees. Alaska/Horizon is committed to fair, unbiased compensation along with competitive benefits in all locations in which we operate.

Note: We don’t typically hire at the top of the range.

Alaska Airlines, Hawaiian Airlines and Horizon Air pay and benefits can vary by company, location, number of regularly scheduled hours worked, length of employment, and employment status.

• Free stand-by travel privileges on Alaska Airlines, Hawaiian Airlines & Horizon Air
• Comprehensive well-being programs including medical, dental and vision benefits
• Generous 401k match program
• Quarterly and annual bonus plans
• Generous holiday and paid time off
   

For more information about Alaska/Hawaiian/Horizon Total Rewards please visit our career site and view benefits.

Equal Employment Opportunity Policy Statement  

It is the policy of Alaska Airlines, Hawaiian Airlines and Horizon Air to comply with all applicable federal, state and local laws governing nondiscrimination in employment and to ensure equal opportunity in all terms, conditions, and benefits of employment or potential employment.   

We also prohibit discrimination and harassment against any employee or applicant for employment because of race, color, religion, sex, national origin, age, disability, veteran status, genetic information and other legally protected categories.  

We have established an EEO Compliance Program under Section 503 of the Rehabilitation Act of 1973 (“Section 503”) and the Vietnam Era Veteran’s Readjustment Assistance Act of 1974 (“VEVRAA”).  All applicants and employees are treated without regard to their race, color, religion, sex, national origin, disability or protected veteran status. In addition, we have established an audit and reporting system to allow for effective measurement of its equal employment opportunity activities.   

To implement this policy, we will: 

(1) Recruit, hire, train and promote qualified persons in all job titles, without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information and any other legally protected categories; 
(2) Ensure that employment decisions are based only on valid job requirements; and 
(3) Ensure that all personnel actions and employment activities such as compensation, benefits, promotions, layoffs, return from layoff, Alaska Airlines, Hawaiian Airlines and Horizon Air sponsored programs, and tuition assistance will be administered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information and other legally protected categories. 

Employees and applicants for employment will not be subjected to harassment, intimidation, threats, coercion or discrimination because they have engaged or may engage in (1) filing a complaint, (2) opposing any act or practice made unlawful by, or exercising any other right protected by, any Federal, State or local law requiring equal opportunity, including Section 503 and the equal opportunity provisions of VEVRAA, or (3) assisting or participating in any investigation, compliance evaluation, hearing, or any other activity related to the administration of any Federal, State or local law requiring equal opportunity, including Section 503 and the equal opportunity provisions  of VEVRAA. 

Government Contractor & Department of Transportation (DOT) Regulations 
Alaska Airlines, Hawaiian Airlines & Horizon Air are regulated by the Department of Transportation (DOT – regulations, 49 CFR part 40) and all applicants are advised that post-offer and/or pre-employment drug testing will be conducted to determine the presence of marijuana, cocaine, opioids, phencyclidine (PCP) and amphetamines or a metabolite of these drugs prior to any offer or employment or transfer into a safety-sensitive position. Failure to submit to testing or positive indications of drug use will render the applicant ineligible for employment with Alaska Airlines/Hawaiian Airlines/Horizon Air and any employment offer will be withdrawn.