Illinois Virtual, Location, USA
3 days ago
IT PCI Security Analyst GRC (Remote)

ARE YOU A CURRENT US FOODS EMPLOYEE? PLEASE APPLY DIRECTLY THROUGH OUR INTERNAL WORKDAY CAREER SITE

Join Our Community of Food People!

At US Foods®, innovation and technology is our superpower. By expanding our digital ecosystem and leading with a customer-first mindset, we’re delivering technology that empowers our customers and simplifies business. As we transform the digital landscape of the foodservice industry, we’re outpacing our competitors faster than ever before.

We believe diversity is the cornerstone of creativity and innovation—and we foster an open, inclusive, flexible work environment that supports our transformation.

US Foods is looking for a motivated security professional to join our Information and Cybersecurity Team. This individual will work within the Technology and Innovation organization and will assist with all critical functions under Governance, Risk, and Compliance, including security policies, standards, compliance frameworks (i.e. PCI, SOX), data classification & governance, third party risk management, risk lifecycle, cybersecurity crisis management playbooks, KPIs, security awareness training, and cybersecurity communications.

This is a unique role within the Information & Cybersecurity Team. The position is responsible for supporting the security strategy and elevating the company’s security posture. With support from Information & Cyber Security leadership, the GRC security analyst assesses and validates the assurance of the security program, monitors progress and enforces resolution of outstanding issues, and focuses on strong risk management and corporate resiliency.

Flexible Work Policy: The work for the IT PCI Security Analyst position is completed remotely anywhere in the United States except Hawaii or United States Territories.  This position may have the potential to travel up to 20% dependent on business needs.  

RESPONSIBILITIES 
•    Manage and operate GRC platforms and tools, including Risk Register, Audit tools, Security Awareness platform, Vendor Risk Management tool, etc.
•    Assist with the development of security policies and standards.
•    Perform audits, assess risks, and manage/enforce remediation of issues found in security assessments, penetration tests, and internal discovery.
•    Serve as liaison for security team to other Technology and Innovation value streams as well as business stakeholders
•    Maintain third party vendor management standards, questionnaires and documentation to adhere to regulatory compliance and internal standards
•    Execute communications plans as they pertain to Security Awareness and change management due to changes in US Foods security posture
•    Contribute to highly visible documentation, including regulatory filings/disclosures and executive briefings
•    Respond to customer requests for security assessment surveys
•    Be an advocate in building a culture of security across the enterprise


SUPERVISION
•    N/A

RELATIONSHIPS
•    Internal: Internal and external audit, IT Value Stream teams such as supply chain, commercial, and Data, Security Engineering, Security Architecture, Cloud/DevSecOps, Data, and Supply Chain Technology teams
•    External: Technology vendors, including software and service providers; customer risk management representative, relevant managed security services, and professional services vendors

WORK ENVIRONMENT
•    This role has been segmented as "Remote", meaning the work is performed remotely. Can live anywhere in continental US and Alaska. Travel as needed for business.
  
MINIMUM QUALIFICATIONS 
•    At least 3-5 years of information security experience (or combination of 3 to 5 years of IT system administration with security or IT audit). 
•    Experience with compliance requirements (PCI, HIPAA, SOX, etc.).
•    Familiarity with security frameworks such as NIST-CSF, ISO 27001, CIS
•    Ability to effectively communicate business risk and information security concepts to audiences of varying technical acumen through multiple communication channels.
•    Experience measuring and tracking cybersecurity risks, issues, and exceptions
•    Ability to advise, collaborate, and work in a team environment enabling others to trust and grow their skills and competencies
•    Experience executing security compliance plans, vulnerability management programs, risk management lifecycle, and/or security assessment/governance processes
•    Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
•    Proactive self-development, staying current on evolving threat landscape, security trends/best practices, and dynamic regulatory requirements
 
Education
•    Bachelor’s degree from an accredited college/university or equivalent work experience required. 


Related Experience/Requirements
•    Experience developing, measuring and tracking key performance metrics, preferably in a cybersecurity program
•    Highly organized, efficient, and attentive to detail
•    Demonstrable track record of successful development of resources, mentoring, and career guidance
•    Strong written and verbal skills enabling effective communication with different levels of leadership

Certifications/Training
•    Preferred but not required: SANS GSEC, GCIA (or related), CISSP

Licenses
•    N/A
 

Compensation depends on relevant experience and/or education, specific skills, function, geographic location, and other factors as applicable by law.  The expected base rate for this role is between $85,000 - $140,000.

This role will also receive an annual incentive plan bonus.

Benefits for this role may include health insurance, pre-tax spending accounts, retirement benefits, paid time off, short-term and long-term disability, employee stock purchase plan, and life insurance. To review available benefits, please click here: https://www.usfoods.com/careers/benefits.html.


***EOE Race/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Protected Veteran/Disability Status***
