Career Opportunities: Principal Information Security Analyst - Risk Management (32700)

Remote: Full Remote

Offer summary

Qualifications:

  • Bachelor's degree in computer science, information security, or related field; or equivalent professional experience.
  • 8+ years of professional IT/Security experience, including Third-Party Risk Management and cybersecurity.
  • Knowledge of cybersecurity policies, regulations, and security frameworks, as well as IT Risk Management processes.
  • Cyber security certifications such as CISSP, CISM, or CISA are preferred.

Key responsibilities:

  • Act as a subject matter expert in Information Security Risk Management and assist in developing the risk register.
  • Conduct regular risk assessments, document issues, and coordinate remediation efforts with subject matter experts.
  • Monitor established risks in the IT organization and report on the effectiveness of mitigating controls.
  • Collaborate with Information Security Governance and Compliance teams to ensure policies and practices support risk mitigation.

Southern Glazer's Wine & Spirits Food & Beverages XLarge https://www.southernglazers.com/careers
10001 Employees

Job description

 
What You Need To Know

 

Open the door to a groundbreaking tech career with an industry leader. Southern Glazer’s Wine & Spirits is North America’s preeminent wine and spirits distributor, as well as a family-owned, privately held company with a 50+ year legacy of success. To create a new era in alcohol beverage sales and service, we’re heavily invested in the most transformative new technologies – and the most brilliant tech professionals. Southern Glazer’s was named by Newsweek as a Most Loved Workplace and is included on the Forbes lists for Largest Private Companies and Best Employers for Diversity.

 

As a full-time employee, you can choose from a full menu of our Top Shelf Benefits, including comprehensive medical and prescription drug coverage, dental and vision plans, tax-saving Flexible Spending Accounts, disability coverage, life insurance plans, and a 401(k) plan. We also offer tuition reimbursement, a wellness program, parental leave, vacation accrual, paid sick leave, and more.

 

We offer continuous learning and career growth in a fast-paced environment where you are respected, your voice is heard, and technology is part of our strategy for success. If you’re looking to fill your glass with opportunity, come join our FAMILY.

Overview

 

The Principal Information Security Risk Analyst is responsible for planning and monitoring risk remediation/mitigation planning based on internal and external assessments and audits. The person in this position will need to have extensive knowledge of information security risk and third-party risk management, as well as IT systems architectural concepts and business processes. This position works closely with all IT areas including Infrastructure, Application Development, Database, Network, Security Operations, and various business functions.

This position reports directly to the Manager of Information Security Governance and Risk Management.

Specialized Skills and Technologies

 

  • Knowledge of cybersecurity policies, regulations, and security frameworks
  • Familiarity with network technologies and protocols (switches, routers, firewalls, VPNs, remote connection technologies, and multiple domain environments) 
  • Understanding and comprehension of a wide range of compliance and technology frameworks
  • Ability to analyze and solve problems, think outside of the box, and grasp technical concepts 
  • Excellent attention to detail
  • Ability to support industry standard third-party questionnaires (SIG, SIG Lite, NIST, CAIQ, etc.)
  • Proven ability to maintain an IT risk register, perform risk assessments, and provide risk reporting and metrics
  • Articulate ideas in a business and user-friendly language
  • Effective communication and decision-making
  • Able to work remotely with minimal supervision
  • Dedicated team player who can work across multiple functions and disciplines
  • Capable of developing and delivering effective presentations at all levels within the organization

Primary Responsibilities

 

  • Risk Management & Remediation
  • Act as an Information Security Risk Management subject matter expert
  • Assist the Information Security Risk Manager and GRC Director in the development and maintenance of the risk register and remediation plans.
  • Conduct regular risk assessments, document issues and exceptions, determine risk levels, and coordinate with the appropriate subject matter experts to monitor the remediation of deficiencies.
  • Monitor the established risks in the IT organization and report on the effectiveness of related mitigating controls.
  • Work closely with the Information Security Governance and Compliance teams and with Information Security leadership to ensure cybersecurity policies, standards, and practices are well designed, applicable, and adequately support risk mitigation.
  • Work closely with the Security Architecture team, participate in architecture reviews and project meetings, to identify the risk and potential impact of new projects and architectural changes to IT and the organization.
  • Participate heavily in the implementation of the ServiceNow Risk Management solution and its regular maintenance.
  • Assist with periodic reporting and presentation on status for a variety of risk-related stakeholder requirements.

Preferred Qualifications

 

  • Master’s degree in related field preferred.
  • Cyber security related certifications such as CISSP, CISM, CISA, etc. 
  • Vendor certifications from Cloud Service Providers, Networking, Operational Technologies, and related areas.
  • Experience in one or more of the following areas: implementing GRC/IRM tools (experience with ServiceNow GRC/IRM a plus); experience with OT/IOT/ICS environments; experience with major system transformations of ERP, OT, eCommerce, and mobile initiatives; Third-party InfoSec risk management including review of SOC and vulnerability reviews.
  • Experience in the food, beverage, CPG, or distribution industries a plus.

Minimum Qualifications

 

  • 8+ years of professional Information Technology/Security experience that includes Third-Party Risk Management, IT Risk Management, Remediation oversight, cybersecurity, and governance, risk, and compliance (GRC). 
  • Bachelor’s degree in computer science, information security, information assurance, or related field; or equivalent professional work experience.
  • Extensive knowledge of IT Risk Management processes and best practices.
  • Extensive knowledge of Third-Party Risk Management processes and best practices.
  • Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and a security-first culture.
  • Proven project management, multitasking and organizational skills.
  • Identify emerging Technology risk and mitigation for areas such as Artificial Intelligence, Machine Learning, and Robotics Technologies.
  • Experience working with a variety of industry standards, including NIST Cyber Security Framework (CSF), NIST 800-53, NIST 800-82, TOGAF, Purdue Model, IEC62443, Cloud Security Alliance (CSA), OWASP, or CIS Benchmark
  • Knowledge of IT & OT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)

Agile Delivery Values

 

  • Openness – Team and stakeholders agree to be open about all work and challenges 
  • Commitment – Personally commit to achieving the goals of the team 
  • Respect – Respect your team members to be capable and independent 
  • Courage – You have courage to do the right thing and work on tough problems 
  • Focus – Everyone focuses on the work in the sprint and the goal of the scrum team. Rise and fall as a team

Physical Demands

 

  • Physical demands include a considerable amount of time sitting and typing/keyboarding, using a computer (e.g., keyboard, mouse, and monitor), or mobile device
  • Physical demands with activity or condition may occasionally include walking, bending, reaching, standing, squatting, and stooping
  • May require occasional lifting/lowering, pushing, carrying, or pulling up to 20 lbs

EEO Statement

 

Southern Glazer's Wine and Spirits, an Affirmative Action/EEO employer, prohibits discrimination and harassment of any type and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. SGWS complies with all federal, state and local laws concerning consideration of a qualified applicant's arrest and/or criminal conviction records. Southern Glazer's Wine and Spirits provides competitive compensation based on estimated performance level consistent with the past relevant experience, knowledge, skills, abilities and education of employees. Unless otherwise expressly stated, any pay ranges posted here are estimates from outside of Southern Glazer's Wine and Spirits and do not reflect Southern Glazer's pay bands or ranges.

 

Required profile

Experience

Industry :
Food & Beverages
Spoken language(s):
English

Other Skills

  • Decision Making
  • Communication
  • Detail Oriented
  • Problem Solving
  • Multitasking
  • Organizational Skills
  • Time Management
  • Teamwork
