Westlake, TX, USA
3 days ago
Information Security Analyst
We Deliver the Goods:
Competitive pay and benefits, including Day 1 Health & Wellness Benefits, Employee Stock Purchase Plan, 401K Employer Matching, Education Assistance, Paid Time Off, and much more
Growth opportunities performing essential work to support America’s food distribution system
Safe and inclusive working environment, including culture of rewards, recognition, and respect

Position Summary:

Performance Food Group is looking for a talented Information Security Analyst to play a key role in supporting Information and Privacy Risk Management aspects of the company as a member of the Information Security Department.  PFG is in the midst of establishing a Risk Management function that focuses on identifying, quantifying, communicating, and tracking risks associated with information assets.  Reporting to the Manager of Information Security Risk Management and working with IT and line of business stakeholders, the analyst will have a heavy focus on compliance with internal/external policies/statutes, IT Risk Management, and Third Party Risk.

Position Responsibilities:
Conduct risk assessments and maintain risk register.
Perform assessments of IT controls, processes, and systems, identifying gaps and opportunities to enhance design/operational effectiveness while reducing the cost of compliance.
Conduct periodic readouts and risk reviews with IT teams and segment/line of business stakeholders to convey risk and influence decision making.
Assist in maintaining security exception lifecycle, including qualifying associated risk, determining compensating controls, communicating with IT and LOB stakeholders.
Maintain Business Impact Analysis. Work with IT and LOB teams to maintain Business Impact Analysis, establishing risk categorizations for applications and infrastructure based on mission criticality and sensitivity of hosted data.
Assist in development and implementation of Enterprise Crown Jewels program. Work with IT, LOB teams, and security control owners to define and govern control parameters for critical applications and technologies.
KPI/KRI Development and Reporting. Assist in development of control-based Key Risk Indicators and Key Performance Indicators across business segments. Assist in developing associated governance model and metric tiers for consumption by various levels of stakeholders, up to and including the Board of Directors.
Support IT Risk and exception management governance forums across business segments with varying operational models and business context.
Support PFG’s Third Party Risk Management Program, assessing third parties for inherent and residual risk based on the nature of their services and their ability to appropriately secure PFG data and provide dependent services.
Negotiate the inclusion of security requirements into third party contract agreements.
Develop and Maintain IT Audit and Control documentation.
Support necessary governance forums (committees, working groups) to ensure sound decision-making and stakeholder communications.
Identify and report on non-compliance with regulatory mandates (i.e. Sarbanes Oxley section 404, PCI DSS, HIPAA, GDPR, CCPA).
Support operational audits as necessary.
Performs other related duties as assigned.