Overview

IT PCI and Risk Security Analyst GRC (Remote) Jobs in California, United States at US Foods

Title: IT PCI and Risk Security Analyst GRC (Remote)

Company: US Foods

Location: California, United States

ARE YOU A CURRENT US FOODS EMPLOYEE? PLEASE APPLY DIRECTLY THROUGH OUR INTERNAL WORKDAY CAREER SITE

Join Our Community of Food People!

At US Foods®, innovation and technology is our superpower. By expanding our digital ecosystem and leading with a customer-first mindset, we’re delivering technology that empowers our customers and simplifies business. As we transform the digital landscape of the foodservice industry, we’re outpacing our competitors faster than ever before.

We believe diversity is the cornerstone of creativity and innovation—and we foster an open, inclusive, flexible work environment that supports our transformation.

US Foods is looking for a motivated security professional to join our Information and Cybersecurity Team. This individual will be working within the Technology and Innovation organization and will assist with all critical functions under Governance, Risk, and Compliance, including security policies, standards, compliance frameworks (i.e. PCI, SOx), data classification & governance, third party risk management, risk lifecycle, cybersecurity crisis management playbooks, KPIs, security awareness training, and cybersecurity communications.

This is a unique role within the Information & Cybersecurity Team. The position is responsible for supporting the security strategy and elevating the company’s security posture. With support from Information & Cyber Security leadership, the GRC security analyst assesses and validates the assurance of the security program, monitors progress and enforces resolution of outstanding issues, and focuses on strong risk management and corporate resiliency.

Flexible Work Policy: The work for the IT PCI and Risk Security Analyst position is completed remotely anywhere in the United States except Hawaii or United States Territories. This position may have the potential to travel up to 20% dependent on business needs.

Responsibilities

Manage and operate GRC platforms and tools, including Risk Register, Audit tools, Security Awareness platform, Vendor Risk Management tool, etc.

Assist with the development of security policies and standards.

Perform audits, assess risks, and manage/enforce remediation of issues found in security assessments, penetration tests, and internal discovery.

Serve as liaison for security team to other Technology and Innovation value streams as well as business stakeholders

Maintain third party vendor management standards, questionnaires and documentation to adhere to regulatory compliance and internal standards

Execute communications plans as they pertain to Security Awareness and change management due to changes in US Foods security posture

Contribute to highly visible documentation, including regulatory filings/disclosures and executive briefings

Respond to customer requests for security assessment surveys

Be an advocate in building a culture of security across the enterprise

SUPERVISION

N/A

RELATIONSHIPS

Internal: Internal and external audit, IT Value Stream teams such as supply chain, commercial, and Data, Security Engineering, Security Architecture, Cloud/DevSecOps, Data, and Supply Chain Technology teams

External: Technology vendors, including software and service providers; customer risk management representative, relevant managed security services, and professional services vendors

WORK ENVIRONMENT

This role has been segmented as “Remote” meaning works remotely. Can live anywhere in continental US and Alaska. Travel as n…


About US Foods