Performance Food Group - Richmond, VA

posted 13 days ago

Full-time - Entry Level
Richmond, VA
1,001-5,000 employees
Merchant Wholesalers, Nondurable Goods

About the position

Performance Food Group is seeking an Information Security Analyst to support the company's Information and Privacy Risk Management efforts. This role involves conducting risk assessments, maintaining risk registers, and ensuring compliance with internal and external policies. The analyst will work closely with IT and business stakeholders to identify and manage risks associated with information assets, contributing to the establishment of a robust Risk Management function within the organization.

Responsibilities

  • Conduct risk assessments and maintain risk register.
  • Perform assessments of IT controls processes and systems, identifying gaps and opportunities to enhance design/operational effectiveness while reducing the cost of compliance.
  • Conduct periodic readouts and risk reviews with IT teams and segment/line of business stakeholders to convey risk and influence decision making.
  • Assist in maintaining security exception lifecycle, including qualifying associated risk, determining compensating controls, and communicating with IT and LOB stakeholders.
  • Maintain Business Impact Analysis, establishing risk categorizations for applications and infrastructure based on mission criticality and sensitivity of hosted data.
  • Assist in development and implementation of Enterprise Crown Jewels program, defining and governing control parameters for critical applications and technologies.
  • Assist in development of control-based Key Risk Indicators and Key Performance Indicators across business segments.
  • Support IT Risk and exception management governance forums across business segments with varying operational models and business context.
  • Support PFG's Third Party Risk Management Program, assessing third parties for inherent and residual risk based on the nature of their services and their ability to appropriately secure PFG data.
  • Negotiate the inclusion of security requirements into third party contract agreements.
  • Develop and maintain IT Audit and Control documentation, supporting necessary governance forums to ensure sound decision-making and stakeholder communications.
  • Identify and report on non-compliance with regulatory mandates (i.e., Sarbanes-Oxley Section 404, PCI DSS, HIPAA, GDPR, CCPA).
  • Support operational audits as necessary.

Requirements

  • Bachelor's degree required.
  • 6 months to 1 year of experience in developing, communicating, and presenting security or risk concepts to varying audiences.
  • Knowledge of regulatory requirements and frameworks.
  • Strong teamwork and interpersonal skills.
  • Experience in assisting with process improvement initiatives.
  • Hold relevant security certifications or willingness to pursue additional certifications.
  • Continuous learning mindset.
  • Experience performing IT and security risk assessments, using both qualitative and quantitative methods to identify, quantify, and communicate risk.
  • Working knowledge of privacy statutes including GDPR and CCPA.
  • Experience with Data Classification, Data Security, and Data Loss Prevention methods and tools, especially Microsoft Azure Information Protection.
  • Strong MS Office skills (specifically PowerPoint, Word, Excel, Project, Visio).
  • Strong process analysis and engineering skills.
  • Experience conducting and documenting business impact analysis, designing and implementing Business Continuity/Disaster Recovery plans.
  • Experience with IT assurance mandates/frameworks such as Sarbanes-Oxley, COBIT.
  • Demonstrated leadership skills.
  • Demonstrated high level of analytical and problem-solving skills.
  • Excellent written and verbal communication skills.
  • Ability to influence cross-functional and highly matrixed business and IT stakeholders.

Benefits

  • 401(k) matching
  • Employee stock purchase plan
  • Health insurance
  • Paid time off
  • Tuition reimbursement