114931BR
Job Title :
Information Security Analyst (Risk & Compliance)
Location :
West Creek-Richmond Corp (0999)
Job Description :
We Deliver the Goods :
Competitive pay and benefits, including Day 1 Health & Wellness Benefits, Employee Stock Purchase Plan, 401K Employer Matching, Education Assistance, Paid Time Off, and much more
Growth opportunities performing essential work to support America's food distribution system
Safe and inclusive working environment, including culture of rewards, recognition, and respect
Position Summary :
Performance Food Group is looking for a talented Information Security Analyst to play a key role in supporting Information and Privacy Risk Management aspects of the company as a member of the Information Security Department. PFG is in the midst of establishing a Risk Management function that focuses on identifying, quantifying, communicating, and tracking risks associated with information assets. Reporting to the Manager of Information Security Risk Management and working with IT and line of business stakeholders, the analyst will have a heavy focus on compliance with internal / external policies / statutes, IT Risk Management, and Third Party Risk.
Position Responsibilities :
Conduct risk assessments and maintain risk register.
Perform assessments of IT controls, processes, and systems, identifying gaps and opportunities to enhance design / operational effectiveness while reducing the cost of compliance.
Conduct periodic readouts and risk reviews with IT teams and segment / line of business stakeholders to convey risk and influence decision making.
Assist in maintaining security exception lifecycle, including qualifying associated risk, determining compensating controls, and communicating with IT and LOB stakeholders.
Maintain Business Impact Analysis. Work with IT and LOB teams to maintain Business Impact Analysis, establishing risk categorizations for applications and infrastructure based on mission criticality and sensitivity of hosted data.
Assist in development and implementation of Enterprise Crown Jewels program. Work with IT, LOB teams, and security control owners to define and govern control parameters for critical applications and technologies.
KPI / KRI Development and Reporting. Assist in development of control-based Key Risk Indicators and Key Performance Indicators across business segments. Assist in developing associated governance model and metric tiers for consumption by various levels of stakeholders, up to and including the Board of Directors.
Support IT Risk and exception management governance forums across business segments with varying operational models and business context.
Support PFG's Third Party Risk Management Program, assessing third parties for inherent and residual risk based on the nature of their services and their ability to appropriately secure PFG data and provide dependent services.
Negotiate the inclusion of security requirements into third party contract agreements.
Develop and Maintain IT Audit and Control documentation.
Support necessary governance forums (committees, working groups) to ensure sound decision-making and stakeholder communications.
Identify and report on non-compliance with regulatory mandates (i.e. Sarbanes-Oxley section 404, PCI DSS, HIPAA, GDPR, CCPA).
Support operational audits as necessary.
Performs other related duties as assigned.
Req Number : 114931BR
Address Line 1 :
12500 West Creek Pkwy
Job Location : Westlake, TX (TX)
Shift : 1st Shift
Full Time / Part Time :
Full Time
EEO Statement :
Performance Food Group and / or its subsidiaries (individually or collectively, the Company) provides equal employment opportunity (EEO) to all applicants and employees, regardless of race, color, national origin, sex, marital status, pregnancy, sexual orientation, gender identity, religion, age, disability, genetic information, veteran status, and any other characteristic protected by applicable local, state and federal laws and regulations. Please click on the following links to review: (1) our EEO Policy (http://pfgc.com/Policy); (2) the EEO is the Law poster (http://pfgc.com/Poster) and supplement (http://pfgc.com/Supplement); and (3) the Pay Transparency Policy Statement (http://pfgc.com/PayTransparency).
Required Qualifications :
Required Education : Bachelor's
Required Experience : 6 months - 1 year
Experience in developing, communicating, and presenting security or risk concepts to varying audiences
Knowledge of regulatory requirements and frameworks
Strong teamwork and interpersonal skills
Experience in assisting with process improvement initiatives
Hold relevant security certifications or willingness to pursue additional certifications
Continuous learning mindset
Experience performing IT and security risk assessments, using both qualitative and quantitative methods to identify, quantify, and communicate risk
Working knowledge of privacy statutes including the European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)
Experience with Data Classification, Data Security, and Data Loss Prevention methods and tools, especially Microsoft Azure Information Protection
Strong MS Office skills (specifically PowerPoint, Word, Excel, Project, Visio)
Strong process analysis and engineering skills
Experience conducting and documenting business impact analysis, designing and implementing Business Continuity / Disaster Recovery plans
Experience with IT assurance mandates / frameworks such as Sarbanes-Oxley, CobIT
Demonstrated leadership skills
Demonstrated high level of analytical and problem-solving skills
Excellent written and verbal communication skills
Ability to influence cross-functional and highly matrixed business and IT stakeholders
Division :
Performance Food Group
Job Category : Information Systems
Preferred Qualifications :
Preferred Education : Bachelor's
Preferred Experience : 1 - 3 Years
Experience in assessing hosted service architectures (SaaS, PaaS, IaaS)
Experience performing third party assessments across information security and control domains, using industry tools / frameworks such as the Cloud Security Alliance, evaluation of Service Organization Controls (SOC) attestations.
Manage supplemental evaluation Service Providers
Experience with Data Classification, Data Security, and Data Loss Prevention methods and tools
Strong MS Office skills (specifically PowerPoint, Word, Excel, Project, Visio)
Strong process analysis and engineering skills
Experience conducting and documenting business impact analysis, designing and implementing Business Continuity / Disaster Recovery plans
Experience presenting on complex technical subjects to non-technical stakeholders
State : Virginia
Company Description :
Performance Food Group is a customer-centric foodservice distribution leader headquartered in Richmond, Va. Grounded by roots that date back to a grocery peddler in 1885, PFG has a nationwide network of approximately 150 distribution centers, 35,000-plus talented associates, and thousands of valued suppliers across the country. With the goal of helping customers thrive, PFG markets and delivers quality food and related products to independent and chain restaurants, schools, business and industry locations, convenience operations, healthcare facilities, vending distributors, office coffee service distributors, big box retailers, and theaters across the U.S.
Benefits :
Click Here for Benefits Information (https://pfgc.com/Careers.aspx#benefits)
Compensation : 70-120k