- Act as an Information Security Risk Management subject matter expert
- Assist the Information Security Risk Manager in the development and maintenance of the risk hierarchy, risk taxonomy, and risk register.
- Conduct regular risk assessments, document issues, determine risk levels, and coordinate with the appropriate subject matter experts to monitor the remediation of deficiencies
- Monitor the established risks in the IT organization and report on the effectiveness of related mitigating controls
- Work closely with the Information Security Governance and Compliance team and security leadership to ensure cybersecurity policies and practices are designed to help mitigate risk
- Work closely with the Security Architecture team and participate in architecture reviews and project meetings to identify risk impact to the organization
- Participate heavily in the implementation of the ServiceNow Risk Management solution and its regular maintenance and basic bug-fixing.
- Responsible for the engagement of all third-party relationships to ensure that adequate controls are in place to protect SGWS data and information
- Assist the Information Security Risk Manager in the development, growth, and maturity of the risk-based third-party assessment and continuous monitoring program within ServiceNow
- Conduct annual vendor risk management reviews of existing third parties based on established risk ratings
- Review new third-party engagements, track issues to resolution, provide feedback on required security controls, and ensure contracts contain Southern Glazer's required content
- Review SOC1 & SOC 2 Type 2 reports, vulnerability assessments, penetration test results and additional documentation as required
- Travel to Southern Glazer's office locations and third-party sites to perform on-site security assessments as needed
- Perform other duties as assigned
- Master's degree in related field preferred
- Cybersecurity-related professional certifications such as CISSP, CISM, CREST Technical Security Architect, ISO Lead Auditor, CISA, etc., and vendor certifications in Azure Cloud Technologies, networking, and other related technologies
- Experience in one or more of the following areas: implementing GRC/IRM tools (experience with ServiceNow GRC/IRM a plus); OT/IOT/SCADA/ICS systems; large enterprise-wide transformation initiatives; experience in food, beverage, CPG, or distribution industries; prior experience working in Audit and/or Operational Security roles.
- Eight or more years of professional Information Technology/Security experience that includes Third-Party Risk Management, IT Risk Management, cybersecurity, and governance, risk, and compliance (GRC).
- Bachelor's degree in computer science, information security, information assurance, or related field; or equivalent professional work experience
- Extensive knowledge of IT Risk Management processes and best practices
- Extensive knowledge of Third-Party Risk Management processes and best practices
- Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and a security-first culture
- Proven project management, multitasking and organizational skills
- Experience working with a variety of industry standards, including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, TOGAF, IEC 62443 or CIS Benchmark
- Knowledge of IT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)
- Openness – Team and stakeholders agree to be open about all work and challenges
- Commitment – Personally commit to achieving the goals of the team
- Respect – Respect your team members to be capable and independent
- Courage – You have courage to do the right thing and work on tough problems
- Focus – Everyone focuses on the work in the sprint and the goal of the scrum team. Rise and fall as a team
- Physical demands include a considerable amount of time sitting and typing/keyboarding, using a computer (e.g., keyboard, mouse, and monitor), or mobile device
- Physical demands with activity or condition may occasionally include walking, bending, reaching, standing, squatting, and stooping
- May require occasional lifting/lowering, pushing, carrying, or pulling up to 20 lbs
Principal Information Security Analyst - Dallas, United States - Southern Glazer's Wine & Spirits
Description
Overview
The Principal Information Security Risk Analyst is responsible for assessing IT risk both internally as well as third parties to help secure SGWS data and information. The person in this position will need to have extensive knowledge of information security risk and third-party risk management, as well as the various technologies within the organization. This position works closely with all IT areas including Infrastructure, Application Development, Database, Network, Security Operations, and IT Compliance.
This position reports directly to the Information Security Risk Manager.
Primary Responsibilities
Risk Management
Third Party Risk Management
Preferred Qualifications
Minimum Qualifications
Agile Delivery Values
Physical Demands