Sr Info Security Analyst - San Antonio, United States - H-E-B

    Description

    Responsibilities:

    H-E-B is a leading innovator in technology, and recently we've been investing in our customers' digital experience. Our Digital Technology Partners collaborate to design, construct, implement, and support technology solutions, using the best available technologies to deliver modern engagement, reliability, and scalability to meet customer needs.

    As a Senior Governance, Risk, & Compliance (GRC) Analyst, you'll assess and document H-E-B information asset compliance and risk posture. You may coach and mentor.

    Once you're eligible, you'll become an Owner in the company, so we're looking for commitment, hard work, and focus on quality and Customer service. Partner-owned means our most important resources (People) drive the innovation, growth, and success that make H-E-B The Greatest Omnichannel Retailing Company.

    Do you have a:

    HEART FOR PEOPLE... strong interpersonal skills?

    HEAD FOR BUSINESS... ability to stay current on technology trends and quickly learn new technologies?

    PASSION FOR RESULTS... drive to support due diligence related to vendor and third-party processes?

    We are looking for:

    5+ years of related experience

    What is the work?

    Analytics / Information Technology / Auditing:

    Contributes to development / continuous improvement of H-E-B security program goals and objectives

    Leads development / implementation of system-wide risk management function to ensure information security risks are identified / monitored

    Serves as SME and advisor to help manage risk at an acceptable level

    Collaborates to define information security policies, standards, and procedures, and to ensure controls are adequate, appropriate, effective

    Establishes / maintains control objectives and procedures; maintains a risk register to identify / evaluate / prioritize / monitor risk findings to be reported to executive committee

    Performs internal risk assessments; validates effectiveness of security controls; recommends appropriate actions to mitigate risks; assesses / evaluates / makes recommendations related to adequacy of security controls

    Supports vendor due-diligence process; helps define overall third-party risk management efforts

    Supports internal and external audit processes for related compliance requirements

    Supports vulnerability management efforts (e.g., remediation tracking, status reporting, enhancements)

    Liaises with external auditors on regulatory assessments

    Stays current on developing regulatory concerns and changing IT and InfoSec trends

    Establishes / maintains robust reporting processes related to security topics

    May coach and mentor

    What is your background?

    A related degree or comparable formal training, certification, or work experience

    5+ years of experience in information security, IT risk management, or IT compliance

    Experience in IT systems, security policies, standards, industry trends, and techniques

    Experience with secure network protocols and communications encryption between networked hosts

    Experience working with hybrid cloud infrastructures

    Experience defining / delivering systems support strategy (business analysis, requirements gathering)

    Experience in policy development and designing information security controls

    One or more professional security certifications (e.g., CISSP, CISA, CISM, CRISC)

    Do you have what it takes to be a fit as a Senior GRC Analyst at H-E-B?

    Strong working knowledge of security issues for desktop, virtual, cloud services, and network infrastructures, and of risk management methodologies, frameworks, and principles (e.g., NIST, ISO 27001, ITIL, PCI, CCPA, SOC 2, SOX)

    Understanding of IT GRC / IRM platforms including ServiceNow

    Strong interpersonal and relationship-building skills

    Strong communication and presentation skills

    Strong problem-solving skills

    Time management and prioritization skills; detail-oriented

    Ability to quickly connect business requirements with the functional capabilities of a GRC platform

    Ability to professionally handle confidential information

    Ability to meet deadlines and prioritize appropriately on concurrent projects with urgency and ownership

    Ability to analyze for potential future issues

    Ability to stay current on technology trends and quickly learn new technologies

    Ability to cope well with change and maintain composure under high-pressure situations

    Ability to communicate and collaborate at all levels

    Ability to articulate risk in terms of business impact and suggest reasonable strategies for mitigation

    Can you...

    Function in a fast-paced, retail, office environment

    Work extended hours / sit for extended periods

    ISSEC3232

    #digitalsecurity