Information Security Analyst

About the position

Performance Food Group is looking for a talented Information Security Analyst to play a key role in overseeing aspects of PFG's Information Security Program. This role reports to the Manager of Information Security and partners with Infrastructure and Application teams in the definition of enterprise security architecture. The candidate will plan and carry out security measures to protect the organization's computer networks and systems. The candidate will administer multiple security capabilities/programs, partner with other organizations in overseeing the operation of security capabilities protecting end user systems, and perform technical assessments of applications and supporting infrastructure.

Responsibilities

• Support activities in Security Incident Response Management program
• Provide oversight and guidance to staff for Information Security related capabilities and processes (e.g. Phishing, Security Education, Incident Identification and Response, PCI DSS)
• Coordinate and Administer PFG's Security Awareness Education Program and associated activities and tools, including ad-hoc advisories, mock phishing, and Computer Based Training.
• Support activities relating to the management of the enterprise vulnerability management program
• Produce reports/dashboards, metrics, and insights to IT Service Delivery Owners, IT leadership, and line of business application owners related to the area of direct responsibility or those which you support.
• Monitor threat intelligence feeds (SANS, software manufacturer alerts, industry news media) for threats and vulnerability information to augment internal vulnerability and patch management processes, working with delivery teams to track, prioritize, and mitigate/remediate identified gaps.
• Coordinate Payment Card Industry Data Security Standards Steering Committee meetings, manage compliance documentation in collaboration with and oversight from Information Security and Treasury stakeholders.
• Advocate for and institute controls that support compliance with the Enterprise Information Security Policy.
• Ensure compliance with regulatory mandates (i.e. Sarbanes Oxley section 404, PCI DSS)
• Performs other related duties as assigned.

Requirements

• Associates/2-year technical education
• 1 - 3 years of related work experience
• 2+ years of related work experience
• Conceptual understanding with network (LAN, WAN, Perimeter) security best practices
• Conceptual understanding of vulnerability scanning utilities/solutions, specifically Tenable/Nessus
• Conceptual understanding with traditional security concepts: VPN, Cryptography, Firewalls, Intrusion Detection
• Conceptual understanding of IT security and assurance mandates/frameworks such as: Sarbanes-Oxley, CobIT, ISO 27001, NIST 800-53
• Conceptual understanding with cybersecurity concepts and countermeasures; Securing ecommerce capabilities; Identity and Access Management concepts, processes, and tools; and penetration testing tools, concepts, attacks/exploits (e.g. OWASP top ten, IP spoofing, syn flood, DDOS etc.) and procedures
• Able to conduct qualitative and quantitative analysis of large and complex data sets, experienced with desktop application and associated analytic/reporting utilities (MS Excel, MS Power BI, Cognos)
• Proficient project management skills
• Strong written and verbal communication skills
• Strong MS Office skills (specifically PowerPoint, Word, Excel, Project, Visio)
• Demonstrated high level of analytical and problem solving skills

Nice-to-haves

• Bachelors degree
• 3 - 5 years of related work experience
• Security +, Network +, CISA, CEH, or GSEC professional certification desired
• Technical experience with the following emerging technologies/concepts desired: Mobile Device Management, Mobile device security architecture, Security-related aspects of cloud architectures (PaaS, SaaS, IaaS), Virtualization, Advanced Persistent Threats
• Experience with iSeries AS/400 (IBM i/ iSeries) security; Threat Modeling; Privileged user management tools (i.e. Cyberark) and processes; Microsoft SharePoint; Working in outsourced IT provider environments; and Payment Card Industry Data Security Standards (PCI-DSS)
• Familiarity with secure coding best practices desired
• Preferred Professional Certification(s): Security +, Network +, CISA, CEH, CCNA, or GSEC professional certification desired

Benefits

• Competitive pay and benefits, including Day 1 Health & Wellness Benefits
• Employee Stock Purchase Plan
• 401K Employer Matching
• Education Assistance
• Paid Time Off
• Growth opportunities performing essential work to support America's food distribution system
• Safe and inclusive working environment, including culture of rewards, recognition, and respect