110487BR
Job Title:
Information Security Analyst
Location:
West Creek-Richmond Corp (0999)
We Deliver the Goods:
Competitive pay and benefits, including Day 1 Health & Wellness Benefits, Employee Stock Purchase Plan, 401K Employer Matching, Education Assistance, Paid Time Off, and much more
Growth opportunities performing essential work to support America's food distribution system
Safe and inclusive working environment, including culture of rewards, recognition, and respect
Position Summary:
Performance Food Group is looking for a talented Information Security Analyst to play a key role in supporting Information and Privacy Risk Management aspects of the company as a member of the Information Security Department. PFG is in the midst of establishing a Risk Management function that focuses on identifying, quantifying, communicating, and tracking risks associated with information assets. Reporting to the Manager of Information Security Risk Management and working with IT and line of business stakeholders, the analyst will have a heavy focus on compliance with internal/external policies/statutes, IT Risk Management, and Third Party Risk.
Position Responsibilities:
Conduct risk assessments and maintain risk register.
Perform assessments of IT controls, processes, and systems, identifying gaps and opportunities to enhance design/operational effectiveness while reducing the cost of compliance.
Conduct periodic readouts and risk reviews with IT teams and segment/line of business stakeholders to convey risk and influence decision making.
Assist in maintaining security exception lifecycle, including qualifying associated risk, determining compensating controls, communicating with IT and LOB stakeholders.
Maintain Business Impact Analysis. Work with IT and LOB teams to maintain Business Impact Analysis, establishing risk categorizations for applications and infrastructure based on mission criticality and sensitivity of hosted data.
Assist in development and implementation of Enterprise Crown Jewels program. Work with IT, LOB teams, and security control owners to define and govern control parameters for critical applications and technologies.
KPI/KRI Development and Reporting. Assist in development of control-based Key Risk Indicators and Key Performance Indicators across business segments. Assist in developing associated governance model and metric tiers for consumption by various levels of stakeholders, up to and including the Board of Directors.
Support IT Risk and exception management governance forums across business segments with varying operational models and business context.
Support PFG's Third Party Risk Management Program, assessing third parties for inherent and residual risk based on the nature of their services and their ability to appropriately secure PFG data and provide dependent services.
Negotiate the inclusion of security requirements into third party contract agreements.
Develop and Maintain IT Audit and Control documentation.
Support necessary governance forums (committees, working groups) to ensure sound decision-making and stakeholder communications.
Identify and report on non-compliance with regulatory mandates (i.e., Sarbanes-Oxley Section 404, PCI DSS, HIPAA, GDPR, CCPA).
Support operational audits as necessary.
Perform other related duties as assigned.
Req Number:
Address Line 1:
12500 West Creek Pkwy
Job Location:
Richmond, Virginia (VA)
Shift:
1st Shift
Full Time / Part Time:
Full Time
EEO Statement:
Performance Food Group and/or its subsidiaries (individually or collectively, the "Company") provides equal employment opportunity (EEO) to all applicants and employees, regardless of race, color, national origin, sex, marital status, pregnancy, sexual orientation, gender identity, religion, age, disability, genetic information, veteran status, and any other characteristic protected by applicable local, state and federal laws and regulations. Please click on the following links to review: (1) our EEO Policy (pfgc.com/Policy); (2) the "EEO is the Law" poster (pfgc.com/Poster) and supplement (pfgc.com/Supplement); and (3) the Pay Transparency Policy Statement (pfgc.com/PayTransparency).
Required Qualifications:
Required Education: Bachelors
Required Experience: 6 months - 1 year
• Experience in developing, communicating, and presenting security or risk concepts to varying audiences
• Knowledge of regulatory requirements and frameworks
• Strong teamwork and interpersonal skills
• Experience in assisting with process improvement initiatives
• Hold relevant security certifications or willingness to pursue additional certifications
• Continuous learning mindset
• Experience performing IT and security risk assessments, using both qualitative and quantitative methods to identify, quantify, and communicate risk
• Working knowledge of privacy statutes including the European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)
• Experience with Data Classification, Data Security, and Data Loss Prevention methods and tools, especially Microsoft Azure Information Protection
• Strong MS Office skills (specifically PowerPoint, Word, Excel, Project, Visio)
• Strong process analysis and engineering skills
• Experience conducting and documenting business impact analysis, designing and implementing Business Continuity/Disaster Recovery plans
• Experience with IT assurance mandates/frameworks such as Sarbanes-Oxley, COBIT
• Demonstrated leadership skills
• Demonstrated high level of analytical and problem-solving skills
• Excellent written and verbal communication skills
• Ability to influence cross-functional and highly matrixed business and IT stakeholders
Division:
Performance Food Group
Job Category:
Information Systems
Preferred Qualifications:
Preferred Education: Bachelors
Preferred Experience: 1 - 3 Years
• Experience in assessing hosted service architectures (SaaS, PaaS, IaaS)
• Experience performing third party assessments across information security and control domains, using industry tools/frameworks such as the Cloud Security Alliance, evaluation of Service Organization Controls (SOC) attestations.
• Manage supplemental evaluation Service Providers
• Experience with Data Classification, Data Security, and Data Loss Prevention methods and tools
• Experience presenting on complex technical subjects to non-technical stakeholders
State:
Virginia
Company Description:
Performance Food Group is a customer-centric .