Information Security GRC Analyst
About the role
We have an exciting Information Security Governance, Risk, and Compliance (GRC) Analyst opportunity in our Merriam, KS office. In this highly impactful role, you will be a key member of the IT team. The Information Security GRC Analyst manages and executes security governance, risk management, and compliance functions across all divisions, collaborating with Information Security Teams to centralize reporting and risk analysis. This role requires expertise in risk management, security, regulatory compliance, privacy practices, and an understanding of cybersecurity requirements for legal and regulatory standards. Strong interpersonal and communication skills are essential to work effectively with IT professionals, leadership, business partners, auditors, and vendors.
Responsibilities
- Supports the key initiatives/projects focused on reducing technology risk, governance, compliance with policies and external regulatory compliance.
- Performs periodic security program gap assessments on an ongoing basis for all divisions.
- Responsible for SOX and security audit compliance activities; partners with IT staff and internal and external auditors in reviewing program activities; gathers information to support compliance efforts and requests from auditors; and provides updates to IT leadership as deemed necessary.
- Participates in addressing exception requests to information security policies and standards across all divisions; works with internal IT and business focal points to document the request, identify business justifications and compensating controls, and presents findings to IT Leadership for review and approval.
- Conducts information security vendor risk assessments and provides recommendations for system, network, and application design, implementation, and operational effectiveness controls.
- Works with IT teams to develop corrective action plans for identified findings from internal security controls assessments, vendor risk assessments, internal and external audits, or other security reviews; tracks remediation efforts to closure.
- Contribute to the creation, maintenance, and revision of information security policies and standards, and serve as an advisor to divisional security teams, supporting their understanding and implementation of these policies and standards.
- Serves as subject matter expert to internal business and technology teams and security teams on risk management activities and industry best practices.
Qualifications
- Two years of relevant experience in the Information Security field with experience in the Governance, Risk, and Compliance disciplines.
- Working knowledge and understanding of information security control frameworks (e.g., CIS Critical Security Controls, ISO 27001, NIST SP800-453, COBIT, ITIL, OWASP, etc.), as well as regulatory requirements (e.g., SOX, SWIFT, PCI, HIPAA, GDPR, CCPA, etc.).
- Ability to implement automation and engineering solutions to improve GRC processes; experience or willingness to automate manual tasks and use engineering tools is preferred.
- Fundamental understanding of information risk concepts, risk assessments, and experience administering electronic Governance, Risk, and Compliance tools (e.g., OneTrust).
- Basic knowledge and understanding of IT General Controls and their application across information systems, infrastructure, applications, and cloud-based environments.
- Working knowledge and demonstrated experience working with and understanding information security controls attestation reports (e.g., SOC1, SOC2, ISO27001, PCI, etc.).
- Two years of experience performing information security risk assessments for IT vendors.
- Two years of experience communicating information security and controls conceptual and technical information to other IT professionals, business partners, IT Leadership, internal / external auditors, and vendors.
- Two years of experience examining information security controls attestation reports to determine effectiveness and impact to an organization and the controls relied upon from the vendors providing services to the organization.
CORE COMPETENCIES FOR SUCCESS IN ALL ROLES
- Instills trust
- Communicates effectively
- Action-oriented
- Ensures accountability
- Drives results
Work Environment
A primarily office environment with some need to work in the field. The noise level in the work environment is dependent on which environment you are in.
Why Seaboard Foods?
- Medical, vision & dental benefits upon hire
- 401K with company match
- Paid Time Off & Company Holidays
- Wellness Program
- Tuition reimbursement
- Employee pork purchase program
For a complete list of our benefits please visit our career site: here.