Senior Governance and Risk Analyst - Policy and Standards

San Antonio, TX
Sorry, this job was removed at 7:01 a.m. (CST) on Friday, January 14, 2022

Our Partners thrive The H-E-B Way. As a Senior Governance and Risk Analyst - Policy and Standards, you would have a...
HEART FOR PEOPLE ... you have a passion for mentorship and guidance, and love for the direct person-to-person interactions that create strong bonds between teams
HEAD FOR BUSINESS ... you have an ownership mentality and a consistent track record of timely delivery of high-quality software
PASSION FOR RESULTS ... the ability to guide the discussion, remove roadblocks, and provide guardrails for your team as they identify challenges and propose solutions
The Senior InfoSec Governance and Risk Analyst will perform Information Security and Compliance review and assessment functions for the Digital Security Program and various business units. This role will be responsible for managing, supporting, and improving H-E-B's security and compliance programs across the organization.
ROLE:

  • Work closely with Digital Security leadership to establish and mature the Information Security Program for the organization.
  • Continuously look for ways to improve, strengthen, and scale the company's security and compliance program in coordination with internal and external teams and partners, while prioritizing strategies that focus on improving quality and mitigating risks.
  • Work closely with Partners to oversee their processes and develop the necessary security controls and reporting mechanisms to ensure compliance.
  • Work closely with internal IT personnel and security business partners to implement needed technical security solutions and controls to minimize company exposure.
  • Support security compliance product and program initiatives, audits, and benchmarking of security policies against best practices and standards.
  • Perform and/or oversee IT Risk Assessments consisting of static and dynamic vulnerability scans, penetration tests, and remediation planning for identified security gaps.
  • Manage compliance with standards and regulations including HIPAA/HITECH, ISO 27001, NIST, SOC 2 controls, or other security frameworks.
  • Work closely with our third-party assessors on certification audits to obtain and/or maintain certifications.
  • Assist with analysis and documentation of audit remediation actions related to security.
  • Coordinate and provide security responses to questionnaires or internal questions.
  • Clearly communicate information security principles and practices to technical and non-technical audiences both in writing and verbally.
  • Advise the product and engineering teams on internal and external compliance product requirements.
  • Mentor and guide other Governance Risk and Compliance (GRC) Partners in best practices and efficient execution of work streams.
  • Apply critical thinking and experience to improve processes and throughput of work product.
  • Report effective metrics on projects as assigned.
  • Effectively manage assigned projects and report key performance metrics.
  • All other related duties as assigned.


REQUIRED

  • Minimum 5 years' experience in security and compliance with relevant certifications, information security audit, and securing cloud hosted IT systems.
  • Ability to work closely with IT, technical engineers, and developers to evaluate, suggest, and document controls and procedures to strengthen the cyber security posture.
  • Experience conducting and/or participating in risk assessment audits with common control frameworks such as ISO 27000 series, NIST CSF and with regulations and standards such as HIPAA/HITECH.
  • Experience working with companies using various cloud services (AWS, GCP, Azure).
  • Thorough understanding of Software Development Life Cycles, Cyber Security, Social Engineering, IT Compliance and Privacy best practices.
  • Excellent written and oral communication skills; equally comfortable speaking with internal business users at all levels as well as business partners and vendors.
  • Ability to create, compose, and edit written materials with precision and accuracy.
  • Strong experience working in the Security and Compliance functions.
  • CISSP, CISA, CRISC, or other industry specific certifications preferred.


*** Locations flexible within San Antonio, Dallas and Austin, TX Areas
ISSEC3232
