Sr Info Security Analyst - GRC

Overview

H-E-B is one of the largest, independently owned food retailers in the nation operating over 400 stores throughout Texas and Mexico, with annual sales generating over $25 billion. Described by industry experts as a daring innovator and smart competitor, H-E-B has led the way with creative new concepts, outstanding service and a commitment to diversity in our workforce, workplace and marketplace. H-E-B offers a wealth of career opportunities to our 110,000 Partners (employees), competitive compensation and benefits program and comprehensive training that lead to successful careers.

Responsibilities

H-E-B is a leading innovator in technology, and recently we’ve been investing in our customers’ digital experience. Our Digital Technology Partners collaborate to design, construct, implement, and support technology solutions, using the best available technologies to deliver modern engagement, reliability, and scalability to meet customer needs.

As a Senior Governance, Risk, & Compliance (GRC) Analyst, you’ll assess and document H-E-B information asset compliance and risk posture. You may coach and mentor.

Once you’re eligible, you’ll become an Owner in the company, so we’re looking for commitment, hard work, and focus on quality and Customer service. “Partner-owned” means our most important resources—People—drive the innovation, growth, and success that make H-E-B The Greatest Omnichannel Retailing Company.

Do you have a:

HEART FOR PEOPLE… strong interpersonal skills?

HEAD FOR BUSINESS… ability to stay current on technology trends and quickly learn new technologies?

PASSION FOR RESULTS… drive to support due diligence related to vendor and third-party processes?

We are looking for:

-  5 years of related experience

What is the work?

Analytics / Information Technology / Auditing:

-  Contributes to development / continuous improvement of H-E-B security program goals and objectives

-  Leads development / implementation of system-wide risk management function to ensure information security risks are identified / monitored

-  Serves as SME and advisor to help manage risk at an acceptable level

-  Collaborates to define information security policies, standards, and procedures, and to ensure controls are adequate, appropriate, effective

-  Establishes / maintains control objectives and procedures; maintains a risk register to identify / evaluate / prioritize / monitor risk findings to be reported to executive committee

-  Performs internal risk assessments; validates effectiveness of security controls; recommends appropriate actions to mitigate risks; assesses / evaluates / makes recommendations related to adequacy of security controls

-  Supports vendor due-diligence process; helps define overall third-party risk management efforts

-  Supports internal and external audit processes for related compliance requirements

-  Supports vulnerability management efforts (e.g., remediation tracking, status reporting, enhancements)

-  Liaises with external auditors on regulatory assessments

-  Stays current on developing regulatory concerns and changing IT and InfoSec trends

-  Establishes / maintains robust reporting processes related to security topics

-  May coach and mentor

What is your background?

-  A related degree or comparable formal training, certification, or work experience

-  5 years of experience in information security, IT risk management, or IT compliance

-  Experience in IT systems, security policies, standards, industry trends, and techniques

-  Experience with secure network protocols and communications encryption between networked hosts

-  Experience working with hybrid cloud infrastructures

-  Experience defining / delivering systems support strategy (business analysis, requirements gathering)

-  Experience in policy development and designing information security controls

-  One or more professional security certifications (e.g., CISSP, CISA, CISM, CRISC)

Do you have what it takes to be a fit as a Senior GRC Analyst at H-E-B?

-  Strong working knowledge of security issues for desktop, virtual, cloud services, and network infrastructures; of risk management methodologies, frameworks, and principles (e.g. NIST, ISO 27001, ITIL, PCI, CCPA, SOC 2, SOX, etc.)

-  Understanding of IT GRC / IRM platforms including ServiceNow

-  Strong interpersonal and relationship-building skills

-  Strong communication and presentation skills

-  Strong problem-solving skills

-  Time management and prioritization skills; detail-oriented

-  Ability to quickly connect business requirements with the functional capabilities of a GRC platform

-  Ability to professionally handle confidential information

-  Ability to meet deadlines and prioritize appropriately on concurrent projects with urgency and ownership

-  Ability to analyze for potential future issues

-  Ability to stay current on technology trends and quickly learn new technologies

-  Ability to cope well with change and maintain composure under high-pressure situations

-  Ability to communicate and collaborate at all levels

-  Ability to articulate risk in terms of business impact and suggest reasonable strategies for mitigation

Can you...

-  Function in a fast-paced, retail, office environment

-  Work extended hours / sit for extended periods