Principal Information Security Analyst

Greendale, WI, United States

Southern Glazer's Wine & Spirits Southern Glazer's is the premier beverage distributor for wines, spirits, beer, and non-alcoholic products in the U.S. and Canada. View company page

Open the door to a groundbreaking tech career with an industry leader. Southern Glazer’s Wine & Spirits is North America’s preeminent wine and spirits distributor, as well as a family-owned, privately held company with a 50+ year legacy of success. To create a new era in alcohol beverage sales and service, we’re heavily invested in the most transformative new technologies – and the most brilliant tech professionals. Southern Glazer’s was named by Newsweek as a Most Loved Workplace and is included on the Forbes lists for Largest Private Companies and Best Employers for Diversity.

As a full-time employee, you can choose from a full menu of our Top Shelf Benefits, including comprehensive medical and prescription drug coverage, dental and vision plans, tax-saving Flexible Spending Accounts, disability coverage, life insurance plans, and a 401(k) plan. We also offer tuition reimbursement, a wellness program, parental leave, vacation accrual, paid sick leave, and more.

We offer continuous learning and career growth in a fast-paced environment where you are respected, your voice is heard, and technology is part of our strategy for success. If you’re looking to fill your glass with opportunity, come join our FAMILY.

Overview The Principal Information Security Risk Analyst is responsible for assessing IT risk both internally as well as third parties to help secure SGWS data and information. The person in this position will need to have extensive knowledge of information security risk and third-party risk management, as well as the various technologies within the organization. This position works closely with all IT areas including Infrastructure, Application Development, Database, Network, Security Operations, and IT Compliance.

This position reports directly to the Information Security Risk Manager.

Primary Responsibilities Act as an Information Security Risk Management subject matter expert

Assist the Information Security Risk Manager in the development and maintenance of the risk hierarchy, risk taxonomy, and risk register.

Conduct regular risk assessments, documents issues, determines risk levels and coordinates with the appropriate subject matter experts to monitor the remediation of deficiencies

Monitor the established risks in the IT organization and reports on the effectiveness of related mitigating controls

Work closely with the Information Security Governance and Compliance team and security leadership to ensure cybersecurity policies and practices are designed to help mitigate risk

Work closely with the Security Architecture team and participates in architecture reviews and project meetings to identify risk impact to the organization

Participate heavily in the implementation of the ServiceNow Risk Management solution and its regular maintenance and basic bug-fixing.

Third Party Risk Management

Responsible for the engagement of all third-party relationships to ensure that adequate controls are in place to protect SGWS data and information

Assist the Information Security Risk Manager in the development, growth, and maturity of the risk-based third-party assessment and continuous monitoring program within ServiceNow

Conduct annual vendor risk management reviews of existing third parties based on established risk ratings

Review new third-party engagements, tracks issues to resolution, provides feedback on required security controls, and ensures contracts contain Southern Glazers' required content

Review SOC1 & SOC 2 Type 2 reports, vulnerability assessments, penetration test results and additional documentation as required

Travel to Southern Glazers’ office locations and third-party sites to perform on site security assessments as needed

Perform other duties as assigned

Preferred Qualifications Master’s degree in related field preferred

Cyber security related professional certifications such as CISSP, CISM, CREST Technical Security Architect, ISO Lead Auditor, CISA, etc., and Vendor certifications in Azure Cloud Technologies, networking and other related technologies.

Experience in one or more of the following areas: implementing GRC/IRM tools (experience with ServiceNow GRC/IRM a plus); OT/IOT/SCADA/ICS systems; large enterprise-wide transformation initiatives; experience in food, beverage, CPG, or distribution industries; prior experience working in Audit and/or Operational Security roles.

Minimum Qualifications Eight or more years of professional Information Technology/Security experience that includes Third-Party Risk Management, IT Risk Management, cybersecurity, and governance, risk, and compliance (GRC).

Bachelor’s degree in computer science, information security, information assurance, or related field; or equivalent professional work experience

Extensive knowledge of IT Risk Management processes and best practices

Extensive knowledge of Third-Party Risk Management processes and best practices

Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and a security-first culture

Proven project management, multitasking and organizational skills

Experience working with a variety of industry standards, including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, TOGAF, IEC 62443 or CIS Benchmark

Knowledge of IT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)

Agile Delivery Values Openness – Team and stakeholders agree to be open about all work and challenges

Commitment – Personally commit to achieving the goals of the team

Respect – Respect your team members to be capable and independent

Courage – You have courage to do the right thing and work on tough problems

Focus – Everyone focus on the work in the sprint and the goal of the scrum team. Rise and fall as a team

Physical Demands Physical demands include a considerable amount of time sitting and typing/keyboarding, using a computer (e.g., keyboard, mouse, and monitor), or mobile device

Physical demands with activity or condition may occasionally include walking, bending, reaching, standing, squatting, and stooping

May require occasional lifting/lowering, pushing, carrying, or pulling up to 20lbs

EEO Statement Southern Glazer's Wine and Spirits, an Affirmative Action/EEO employer, prohibits discrimination and harassment of any type and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Southern Glazer's Wine and Spirits provides competitive compensation based on estimated performance level consistent with the past relevant experience, knowledge, skills, abilities and education of employees. Unless otherwise expressly stated, any pay ranges posted here are estimates from outside of Southern Glazer's Wine and Spirits and do not reflect Southern Glazer's pay bands or ranges.

Explore more InfoSec / Cybersecurity career opportunities Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr