Seaboard Foods - Shawnee, KS

posted 2 months ago

Full-time
Shawnee, KS
5,001-10,000 employees
Support Activities for Agriculture and Forestry

About the position

YOUR OPPORTUNITY

We have an exciting Information Security Governance, Risk, and Compliance (GRC) Analyst opportunity in our Merriam, KS office. In this highly impactful role, you will be a key member of the IT team. This position will perform day-to-day management and execution of the security governance, risk management, and compliance functions across all divisions. This position will work collaboratively with Information Security Teams in each division to collect and manage data from multiple resources and systems to allow for centralized reporting of the Information Security program effectiveness through risk analysis.

The Information Security GRC Analyst will have knowledge of risk management, security, regulatory compliance, and privacy practices. They understand and explain to others the cybersecurity requirements for legal and regulatory compliance, including Sarbanes-Oxley (SOX), SWIFT, and other applicable federal regulations and statutes. In addition, they perform security program gap assessments and control readiness reviews and report status to IT leadership. Effective interpersonal and communication skills and the ability to work with a wide variety of people (IT professionals and leadership, business partners, auditors, and vendors) are required for this role.

Responsibilities

  • Supports the key initiatives/projects focused on reducing technology risk, governance, compliance with policies and external regulatory compliance.
  • Supports the centralized GRC platform used by all divisions.
  • Performs periodic security program gap assessments on an ongoing basis for all divisions.
  • Responsible for SOX, SWIFT, and security audit compliance activities; partners with IT staff and internal and external auditors in reviewing program activities; gathers information to support compliance efforts and requests from auditors; and provides updates to IT leadership as deemed necessary.
  • Participates in addressing exception requests to information security policies and standards across all divisions; works with internal IT and business focal points to document the request, identify business justifications and compensating controls, and present findings to IT Leadership for review and approval.
  • Conducts information security vendor risk assessments and provides recommendations for system, network, and application design, implementation, and operational effectiveness controls.
  • Works with IT teams to develop corrective action plans for identified findings from internal security controls assessments, vendor risk assessments, internal and external audits, or other security reviews; tracks remediation efforts to closure.
  • Acts as an advisor for divisional security teams to help them understand the security policies and standards.
  • Serves as subject matter expert to internal business and technology teams and security teams on risk management activities and industry best practices.

Requirements

  • Minimum two years of relevant experience in the Information Security field with experience in the Governance, Risk, and Compliance disciplines.
  • Working knowledge and understanding of information security control frameworks (e.g., CIS Critical Security Controls, ISO 27001, NIST SP800-453, COBIT, ITIL, OWASP, etc.), as well as regulatory requirements (e.g., SOX, SWIFT, PCI, HIPAA, GDPR, CCPA, etc.).
  • Fundamental understanding of information risk concepts, risk assessments, and experience administering electronic Governance, Risk, and Compliance tools (e.g., OneTrust).
  • Basic knowledge and understanding of IT General Controls and their application across information systems, infrastructure, applications, and cloud-based environments.
  • Working knowledge and demonstrated experience working with and understanding information security controls attestation reports (e.g., SOC1, SOC2, ISO27001, PCI, etc.).
  • 2+ years of experience performing information security risk assessments for IT vendors.
  • 2+ years of experience communicating information security and controls conceptual and technical information to other IT professionals, business partners, IT Leadership, internal / external auditors, and vendors.
  • 2+ years of experience examining information security controls attestation reports to determine effectiveness and impact to an organization and the controls relied upon from the vendors providing services to the organization.

Nice-to-haves

  • University degree in IT, Computer Science, Cybersecurity, or a related field.
  • Governance, Risk, and Compliance related certifications such as CRISC and CGRC.
  • Security+, CISA, or other relevant security related designation(s).
  • Ability to determine the protection needs (i.e., security controls) of information systems, infrastructure, applications, and cloud-based environments.
  • Knowledge of security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., routers, firewalls, web proxies and intrusion prevention, etc.).
  • Knowledge of security principles, standards, and processes, such as authentication and access control, infrastructure hardening, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.

Benefits

  • 401(k) matching
  • Dental insurance
  • Health insurance
  • Paid time off
  • Tuition reimbursement
  • Vision insurance
  • Wellness program