Grand Rapids, MI, USA
29 days ago
Specialist, Information Security Compliance

As a family company, we serve people and communities. When you work at Meijer, you’re provided with career and community opportunities centered around leadership, personal growth and development. Consider joining our family – take care of your career and your community!

 

Meijer Rewards

Weekly pay

Scheduling flexibility

Paid parental leave 

Paid education assistance

Team member discount

Development programs for advancement and career growth

 

Please review the job profile below and apply today!

This role is open to remote work if you're located in one of our 6 footprint states - Michigan, Indiana, Illinois, Ohio, Wisconsin or Kentucky.

This role does not offer sponsorship - this includes OPT Student Visas.

.

What You’ll be Doing: 

Develop, implement, and monitor a strategic, comprehensive enterprise information security compliance program. 

Ensure that our IT infrastructure is in line with industry standards and compliance regulations. 

Work closely with IT and business stakeholders to understand their needs and ensure that compliance requirements are met without hindering business operations. 

Conduct regular audits and risk assessments to identify vulnerabilities and non-compliance issues. 

Coordinate with external auditors and consultants to conduct external security audits. 

Prepare and document standard operating procedures and protocols. 

Design and implement educational programs to improve the understanding of related laws and regulatory requirements across the organization. 

Respond to security breaches and identify the root cause to prevent future incidents. 

Stay current with the latest security technology and practices, as well as compliance regulations and standards. 

Serves as primary driver to identify securable resources and mentor/assist business staff in selecting appropriate resource owners. 

Works with resource owners in business organizations to determine appropriate security policies for securable resources. 

Consults with IT technical services staff to evaluate, select, install and configure hardware and software systems that provide appropriate security functions. 

Mentors, leads or assists resource owners and IT staff in understanding and responding to security audit failures reported by internal and external auditing departments. 

Advises security administration staff on normal and exception processing of security authorization requests. 

Determine appropriate level of documentation.  Documents security policies and maintains resource classification scheme.  May be required on occasion to present information on security status, project status and security training to audiences from management to field staff as appropriate. 

Proactively protects the integrity, confidentiality and availability of information in the custody of or processed by the company by: responding in a timely manner to a loss or misuse of information assets; leading and participating in investigations of suspected information security misuse or in compliance reviews as requested by auditors; communicating unresolved security exposures, misuse or noncompliance situations to management. 

Consults with IT management to ensure selection and use of realistic enforcement mechanisms. 

Oversees review of security policies and resource classification scheme; keeps management informed of project status. 

Provides technical expertise and guides the administration of security tools that control and monitor information security, including: updating access control tables; setting up user logon ids and assigning/resetting passwords; designing computer system access reports to identify possible security violations. 

Researches, defines, develops and maintains effective disaster recovery plans, processes and procedures necessary to recover services in the event of a declared disaster.  Provides direction and in house consulting in these areas. 

Researches, evaluates, designs, tests, recommends and plans implementation of new or improved information security software or devices. 

Analyzes new software applications or tool implementations for implications to existing security software and devices. 

Defines curriculum and trains information owners in the implementation of necessary computer security controls or new/upgraded security software and devices. 

Develops and implements information security educational programs, conducting awareness seminars and workshops as appropriate. 

Maintains technical reference library.  Develops technical information materials and workshops on these new areas for IT as appropriate. 

This job profile is not meant to be all inclusive of the responsibilities of this position; may perform other duties as assigned or required. 

What You Bring with You (Qualifications): 

Bachelor’s degree in Computer Science, Information Technology, or a related field. 

Professional certification such as CISSP, CISA, CISM, SANS GIAC, or other industry specific certification. 

Minimum 5 years of experience in Information Security. 

6+ years of experience in IT with a broad range of exposure to business planning, systems analysis, security solutions, application development and infrastructure support. 

Experience in IT must include exposure to systems analysis, security solutions and application development, and infrastructure support. 

In-depth knowledge of PCI, HIPAA, URAC, CTPAT, and other relevant compliance frameworks. 

Familiarity with information security standards, including NIST, CIS, ISO 27001, ITIL. 

Experience as an IT auditor is highly valuable. 

Strong understanding of IT systems, architecture, and the security aspects of compliance. 

Excellent communication and leadership abilities. 

Confirm your E-mail: Send Email