Senior Security Governance, Risk and Compliance Analyst - Rosemont, United States - Reyes Holdings

    Description
    Overview

    Reyes Holdings is a global leader in the production and distribution of food and beverage products.

    Our five business units service client accounts across 43 states in the United States and 19 countries worldwide - meaning the sun never sets on Reyes Holdings.

    We continue as a family-owned and operated business, true to how we began in 1976. We're known for excellence, motivated by safety, and rooted in relationships. Our top priority is our people - all 33,000+ of our employees.

    We've created a workplace where our diverse team has the ability to thrive, challenge one another to continually reach higher, and support each other on our Journey Forward together.

    Responsibilities


    Pay Transparency Statement:
    The compensation philosophy reflects the Company's reasonable expectation at the time of posting.

    We consider a number of factors when making individual compensation decisions including, but not limited to, skill sets, experience and training, and other business needs.

    This role may also be eligible to participate in a discretionary incentive program, subject to the rule governing the program.


    Position Summary:


    The Senior Security Governance, Risk, and Compliance Analyst drives security assessments to enable the global enterprise to identify, assess, treat, and monitor cybersecurity risks.

    The Senior Security Governance, Risk, and Compliance Analyst will engage technology and security stakeholders across the enterprise, including multiple business units, to document and validate security controls, identify coverage gaps, address security compliance requirements, and provide appropriate, fit-for-business recommendations.

    This role will collaborate with various members of the security and technology organizations across the globe over the course of day-to-day assignments.


    Position Responsibilities may include, but are not limited to:

    • Build a Risk Aware Culture by maturing the methods and measures to monitor and report risk, compliance, and assurance efforts through automation and process improvement, which may include use and implementation of GRC technologies
    • Develop the compliance evaluation for the information security management framework based on the following: CIS (Center for Internet Security) Critical Security Controls, NIST 800-53, and PCI-DSS
    • Analyze and improve the unified and flexible security control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations
    • Report on the effectiveness of the framework for roles and responsibilities including ownership, classification, accountability, and protection of information assets
    • Assess and recommend policies, standards, procedures, controls, and security solutions in partnership with key stakeholders to protect the confidentiality, integrity, and availability of the global information technology environment
    • Develop and facilitate a reporting framework to measure the effectiveness and maturity of the information security program
    • Participate in meetings with IT and Business Unit executives to report identified risks or control gaps and provide support for remediation efforts to reduce identified security risks or gaps
    • Other projects or duties as assigned
    Qualifications


    Required Skills and Experience:

    • Bachelor's degree in business administration or a technology-related field with 4+ years of experience working in audit, information security or general IT areas related to risk management, controls assurance, compliance programs, cybersecurity and information security regulations, industry standards, and internal policies frameworks. Or High School Diploma with 7+ years of the above stated experience in lieu of a bachelor's degree
    • Great people skills and an ability to work well in a fast-paced team environment with a wide range of technical and non-technical teams
    • Strong understanding of Information Security and Risk Management practices and principles including audit and regulatory requirements, codes, and industry guidance
    • Ability to communicate technical and security-related concepts effectively to a broad range of technical and non-technical staff, security vendors, consultants, and senior management
    • Strategic thinker with strong collaboration skills, detailed working knowledge of IT and information security and risk management best practices, and familiarity in implementing enterprise-wide programs
    • Exhibits best practice risk management understanding through a comprehensive knowledge of internal risk controls, risk monitoring, risk assessment and risk management processes
    • Strong interpersonal, written, and oral communication skills
    • Highly self-motivated and directed professional, with keen attention to detail
    • Excellent analytical, problem-solving, and decision-making abilities
    • Able to effectively prioritize tasks in a high-pressure environment
    • Strong customer service and solution-focused orientation
    • This job requires the ability to travel 10% on an annual basis
    • This position must pass a post-offer background and drug test

    Preferred Skills and Experience:

    • Master's Degree
    • CISA, CISSP, CCSK, IAPP/E, IAPP/US, or other professional certifications/associations
    • Experience or background in Application Security, Operational Technology (OT), or Cloud Security

    Physical Demands and Work Environment:
    Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

    Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions.

    Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.