Why Work for Frontier Airlines?

At Frontier, we believe the skies should be for everyone. We deliver on this promise through our commitment to Low Fares Done Right. This is more than our tagline - its our driving philosophy. Every member of Team Frontier has an important role to play in bringing this vision to life. Our successful business model allows travelers to take advantage of our fast-growing route network while our bundled and unbundled pricing options allow our customers to personalize their travel experience and only pay for the services they need – saving them money along the way.

What We Stand For

Low Fares Done Right is our mission and we strive to bring it to life every day. Our ‘Done Right promise means delivering not only affordable prices, but making travel friendly and easy for our customers. To do this, we put a great deal of care into every decision and action we take. We must be efficient with the use of our resources and make smart decisions about how we run our business. We must also innovate and be pioneers - were not afraid to try new things. While our business requires us to fly high in the air, we also consider ourselves down-to-earth in our approach, creating a warm and friendly experience that truly demonstrates Rocky Mountain Hospitality.

Work Perks

At Frontier, we like to think were creating something very special for our team members. Work is why were here, but the perks are nice too:

• Flight benefits for you and your family to fly on Frontier Airlines.
• Buddy passes for your friends so they can experience what makes us so great.
• Discounts throughout the travel industry on hotels, car rentals, cruises and vacation packages.
• Discounts on cell phone plans, movie tickets, restaurants, luggage and over 2,000 other vendors.
• Enjoy a ‘Dress for your Day business casual environment.
• Flexible work schedules that support work/life balance.
• Total Rewards program including a competitive base salary, short term incentives, long-term incentives, paid holidays, 401(k) plan, vacation/sick time and medical/dental/vision insurance that begins the 1^st of the month following your hire date.
• We play our part to make a difference. The HOPE League, Frontier Airlines non-profit organization, is dedicated to providing employees financial assistance during catastrophic hardship.

Who We Are

Frontier Airlines is a leading ultra-low cost carrier headquartered in Denver, Colorado. With a mission to deliver Low Fares Done Right, the company provides affordable, convenient and accessible air travel throughout the U.S., Caribbean, Mexico and Latin America. Frontiers highly fuel-efficient, all-Airbus fleet is among the youngest and most modern of any carrier within the U.S. That, combined with the airlines many weight-saving initiatives and focus on operational efficiencies, makes Frontier Americas Greenest Airline.* Each Frontier Airlines plane tail features a special animal with a unique name and backstory. Many of the featured species are endangered or threatened, part of the airlines commitment to underscore and raise awareness for their plight. Frontier serves approximately 100 destinations throughout North America and operates 500-plus daily flights, on average. The airline employs more than 7,000 team members and has crew bases in more than a dozen U.S. cities. Frontier Airlines., Inc., is a subsidiary of Frontier Group Holdings, Inc. (NASDAQ: ULCC).

* Frontier is the most fuel-efficient of all major U.S. carriers when measured by ASMs per fuel gallon consumed.

What Will You Be Doing?

The IT Governance, Risk, & Compliance (GRC) Analyst will support the technology risk management program, providing risk oversight to the technology and cybersecurity teams. The IT GRC Analyst will play a key role in the success of the airline, by aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected. The IT GRC Analyst will support risk management initiatives to ensure regulatory alignment to PCI, SOX, TSA, and data privacy standards/regulations. The analyst will implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The analyst will have a unique opportunity to partner and engage with departments across the organization, including Cybersecurity, IT, Legal, HR, Internal Audit, Finance, and other business teams.

Essential Functions

• Make an impact on the organizations security program and services through experience with various cybersecurity concepts including data governance, risk management, metrics, audit, policy, and standards development.
• Partner with Finance, Accounting, and Internal Audit teams to understand our processes and how technology controls fit into those processes.
• Collaborate with the IT/Cybersecurity team members, application owners, control owners, and stakeholders to achieve successful results and ensure testability.
• Act as liaison with internal and external auditors for regulatory audits/assessments, facilitating meetings, walkthroughs, and discussion of remediation activities for identified deficiencies.
• Support control activity functions related to User Access Reviews, Privileged User Reviews, and Password Parameter reviews.
• Assist in conducting management audits, producing reports with recommendations for remediation and improvement.
• Support development and implementation of security policies, procedures, and documented security controls.
• Maintain a regulatory (PCI/SOX/TSA) control database, inventorying control ownership, control objectives, and testing objectives.
• Support and drive remediation processes to address issues identified in security assessments, control reviews, audits, and/or other assessments.
• Support key operations of due diligence, on-going monitoring, and risk exception/waiver management.
• Support the delivery of risk metrics that measure overall cybersecurity risk exposure, and work with key stakeholders to define target thresholds, and report on results.
• Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cybersecurity and Data Governance program initiatives.
• Support in the execution of the general data privacy assessment processes (including third-party assessments), internal control reviews, and risk assessments to monitor compliance with IT and cybersecurity policies/standards.
• Demonstrate and apply knowledge of privacy and data protection regulation and laws to the environment, such as the CCPA, GDPR, CPRA, HIPAA, GLBA, and CDPA.
• Support development and dissemination of cybersecurity training and awareness for organizational users, administrators, and developers.
• Assist in the management and maintenance of the enterprise-wide Cybersecurity Awareness Program which includes phishing simulations, computer-based training, proactive communications on latest threats, workshops, bulletins, and newsletters.
• Support controls required pre-contracting with vendors, contractors, and/or suppliers, as well as post-contract from an ongoing monitoring perspective.
• Perform assessments on our Third Parties, aimed at reducing organizational risk from an cybersecurity perspective.
• Support the delivery of relevant and actionable reporting/presentations to stakeholders and executive management.
• Monitor and review regulatory updates and issues relative to pertinent security regulatory requirements (such as CCPA, TSA, PCI, and SOX) and escalate findings appropriately.
• Performs other related duties as assigned.

Qualifications

• Bachelors degree required in either: Business, Finance, Computer Science, Engineering, IT, or similar field.
• 3+ years experience in vendor risk management, IT risk management, and/or data privacy role.
• 2+ years experience working in a GRC analyst, IT audit, IT compliance, and/or controls assurance role.
• Ability to develop policies, standards, and procedures in compliance with laws, regulations, and industry best practices in support of organizational cyber activities.
• Preferred, but not required:
• Experience with the airline industry a plus.
• Hold an active GRC certification, such as CISSP, CISA, CISM, CRISC, CRMA, or GIAC.
• Big-4 accounting firm experience is a plus.

Knowledge, Skills and Abilities

• Experience with risk management as it relates to Cybersecurity.
• Experience with security audits.
• Experience in controls testing in line with SOX frameworks.
• Experience developing cybersecurity and IT controls, policies, and procedures.
• Proficient in developing and maintaining policies, standards, and guidance artifacts.
• Experience identifying, tracking, reporting and remediating IT/Cyber procedural and technical risk.
• Strong understanding on implementing effective control and/or mitigation options to manage security risks.
• Display a working knowledge of SOX IT General Controls (ITGC) requirements.
• Proven ability to plan and execute ITGC testing and subsequent status reporting.
• Knowledge of industry frameworks, regulations, or contractual rules such as PCI-DSS, HIPPA, NIST, ISO, ITIL, GDPR, COSO, COBIT, and SOC1/2.
• Knowledge of industry trends and current and emerging risks.
• Ability to facilitate a climate of cohesiveness, cooperation, and teamwork.
• Self-directed professional with strong work ethics and excellent organizational skills.
• Exceptional consultative and interpersonal skills that have resulted in business relationships of impeccable trust, confidence, and results.
• Ability to work in a fast paced, sometimes stressful team environment with the ability to adapt to new, different, or changing situations.
• Familiarity with working cross departmentally (Internal Controls, Finance, Accounting, People).
• Very strong analytical skills.
• Excellent verbal, written, and presentation skills.
• Proficient in Microsoft Office suite of applications (Word, Excel, PowerPoint, Access, SharePoint, etc.).

Equipment Operated

Experience using GRC, third-party risk management, and identity access & governance platforms.

Work Environment

Typical office environment, adequately heated and cooled.

Physical Effort

Light physical effort required by handling objects up to 20 pounds occasionally and/or up to 10 pounds frequently.

Supervision Received

General Direction: The incumbent normally receives little instruction on day-to-day work and receives general instructions on new assignments.

Positions Supervised

Does not supervise resources.

Salary Range

$72,000.00 - $96,331.00

Please note: this posting has a closing date of 4/18/2025, midnight MT.

**Relocation assistant/reimbursement offered**

Workplace Policies

Disclaimer: The above statements are intended only to describe the general nature and level of work required of the referenced position; they are not intended to be an exhaustive list of all responsibilities, duties, and skills required of individuals in this position. Please be advised that duties and expectations of this position may be subject to change.

Frontier Airlines, Inc. is an equal opportunity employer and, as such, is committed to providing equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability status, pregnancy, genetic information, citizenship status or any other basis protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Frontier Airlines is a Zero Tolerance Drug-Free Workplace. All prospective DOT safety-sensitive employees are subject to pre-employment testing for the following drugs and their metabolites: Marijuana, Cocaine, Amphetamines, Opioids and Phencyclidine (PCP). Further, any DOT safety-sensitive job applicant who is found to have tested positive on any required drug or alcohol test at a former employer will be considered ineligible for employment with Frontier.

Colorado Residents: In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.