Sr Info Security Analyst - San Antonio, United States - H-E-B
Description
Responsibilities:
H-E-B is a leading innovator in technology, and recently we've been investing in our customers' digital experience. Our Digital Technology Partners collaborate to design, construct, implement, and support technology solutions, using the best available technologies to deliver modern engagement, reliability, and scalability to meet customer needs.
As a Senior Governance, Risk, & Compliance (GRC) Analyst, you'll assess and document H-E-B information asset compliance and risk posture. You may coach and mentor.
Once you're eligible, you'll become an Owner in the company, so we're looking for commitment, hard work, and focus on quality and Customer service. Partner-owned means our most important resources, People, drive the innovation, growth, and success that make H-E-B The Greatest Omnichannel Retailing Company.
Do you have a:
HEART FOR PEOPLE... strong interpersonal skills?
HEAD FOR BUSINESS... ability to stay current on technology trends and quickly learn new technologies?
PASSION FOR RESULTS... drive to support due diligence related to vendor and third-party processes?
We are looking for:
5+ years of related experience
What is the work?
Analytics / Information Technology / Auditing:
Contributes to development / continuous improvement of H-E-B security program goals and objectives
Leads development / implementation of system-wide risk management function to ensure information security risks are identified / monitored
Serves as SME and advisor to help manage risk at an acceptable level
Collaborates to define information security policies, standards, and procedures, and to ensure controls are adequate, appropriate, effective
Establishes / maintains control objectives and procedures; maintains a risk register to identify / evaluate / prioritize / monitor risk findings to be reported to executive committee
Performs internal risk assessments; validates effectiveness of security controls; recommends appropriate actions to mitigate risks; assesses / evaluates / makes recommendations related to adequacy of security controls
Supports vendor due-diligence process; helps define overall third-party risk management efforts
Supports internal and external audit processes for related compliance requirements
Supports vulnerability management efforts (e.g., remediation tracking, status reporting, enhancements)
Liaises with external auditors on regulatory assessments
Stays current on developing regulatory concerns and changing IT and InfoSec trends
Establishes / maintains robust reporting processes related to security topics
May coach and mentor
What is your background?
A related degree or comparable formal training, certification, or work experience
5+ years of experience in information security, IT risk management, or IT compliance
Experience in IT systems, security policies, standards, industry trends, and techniques
Experience with secure network protocols and communications encryption between networked hosts
Experience working with hybrid cloud infrastructures
Experience defining / delivering systems support strategy (business analysis, requirements gathering)
Experience in policy development and designing information security controls
One or more professional security certifications (e.g., CISSP, CISA, CISM, CRISC)
Do you have what it takes to be a fit as a Senior GRC Analyst at H-E-B?
Strong working knowledge of security issues for desktop, virtual, cloud services, and network infrastructures; of risk management methodologies, frameworks, and principles (e.g. NIST, ISO 27001, ITIL, PCI, CCPA, SOC 2, SOX, etc.)
Understanding of IT GRC / IRM platforms including ServiceNow
Strong interpersonal and relationship-building skills
Strong communication and presentation skills
Strong problem-solving skills
Time management and prioritization skills; detail-oriented
Ability to quickly connect business requirements with the functional capabilities of a GRC platform
Ability to professionally handle confidential information
Ability to meet deadlines and prioritize appropriately on concurrent projects with urgency and ownership
Ability to analyze for potential future issues
Ability to stay current on technology trends and quickly learn new technologies
Ability to cope well with change and maintain composure under high-pressure situations
Ability to communicate and collaborate at all levels
Ability to articulate risk in terms of business impact and suggest reasonable strategies for mitigation
Can you...
Function in a fast-paced, retail, office environment
Work extended hours / sit for extended periods
ISSEC3232