Information Security GRC Analyst

Job Description

Job Description

YOUR OPPORTUNITY

We have an exciting Information Security Governance, Risk, and Compliance (GRC) Analyst opportunity in our Merriam, KS office.

In this highly impactful role, you will be a key member of the IT team. This position will perform day-to-day management and execution of the security governance, risk management, and compliance functions across all divisions.

This position will work collaboratively with Information Security Teams in each division to collect and manage data from multiple resources and systems to allow for centralized reporting of the Information Security program effectiveness through risk analysis.

The Information Security GRC Analyst will have knowledge of risk management, security, regulatory compliance, and privacy practices.

They understand and explain to others the cybersecurity requirements for legal and regulatory compliance, including Sarbanes Oxley (SOX), SWIFT, and other applicable federal regulations and statutes.

In addition, they perform security program gap assessments and control readiness reviews and report status to IT leadership.

Effective interpersonal and communication skills and the ability to work with a wide variety of people (IT professionals and leadership, business partners, auditors, and vendors) is required for this role.

ABOUT US

At Seaboard Foods, we create the most sought-after pork. A top U.S. pork producer / processor and leading exporter to 30+ countries, we are committed to bringing excellence to the table, seeking a better way to produce wholesome pork and connect every step between our farms and family tables.

More than 5,400 employees in five states work on our farms, feed mills, and processing plant to produce Prairie Fresh® pork, ensuring the well-being of our animals, the environment, our employees, and the communities we call home.

Our commitment to sustainability is reflected in our renewable gas projects on our farms creating renewable energy. Owned by Seaboard Corporation, a Fortune 500 company, and nominated as one of the Best Places to Work by Kansas City’s Business Journal, we have a dynamic culture where our employees can contribute and understand why they matter.

RESPONSIBILITIES

• Supports the key initiatives / projects focused on reducing technology risk, governance, compliance with policies and external regulatory compliance.
• Supports the centralized GRC platform used by all divisions.
• Performs periodic security program gap assessments on an ongoing basis for all divisions.
• Responsible for SOX, SWIFT, and security audit compliance activities; partners with IT staff and internal and external auditors in reviewing program activities;

gathers information to support compliance efforts and requests from auditors; and provides updates to IT leadership as deemed necessary.

• Participates in addressing exception requests to information security policies and standards across all divisions; works with internal IT and business focal points to document the request, identify business justifications and compensating controls, and present findings to IT Leadership for review and approval.
• Conducts information security vendor risk assessments and provides recommendations for system, network, and application design, implementation, and operational effectiveness controls.
• Works with IT teams to develop corrective action plans for identified findings from internal security controls assessments, vendor risk assessments, internal and external audits, or other security reviews;

tracks remediation efforts to closure.

• Acts as an advisor for divisional security teams to help them understand the security policies and standards.
• Serves as subject matter expert to internal business and technology teams and security teams on risk management activities and industry best practices.

CORE COMPETENCIES FOR SUCCESS IN ALL ROLES : instills trust, communicates effectively, action-oriented, ensures accountability, and drives results.

CRITICAL COMPETENCIES FOR SUCCESS IN ALL ROLES : Tech Savvy, Customer Focus, Decision Quality, Resourcefulness, Interpersonal Savvy, Self-Development, Situational Adaptability

QUALIFICATIONS

Required :

• Minimum two years of relevant experience in the Information Security field with experience in the Governance, Risk, and Compliance disciplines.
• Working knowledge and understanding of information security control frameworks (e.g., CIS Critical Security Controls, ISO 27001, NIST SP800-453, COBIT, ITIL, OWASP, etc.

as well as regulatory requirements (e.g., SOX, SWIFT, PCI, HIPAA, GDPR, CCPA, etc.).

• Fundamental understanding of information risk concepts, risk assessments, and experience administering electronic Governance, Risk, and Compliance tools (e.g., OneTrust).
• Basic knowledge and understanding of IT General Controls and their application across information systems, infrastructure, applications, and cloud-based environments.
• Working knowledge and demonstrated experience working with and understanding information security controls attestation reports (e.

g., SOC1, SOC2, ISO27001, PCI, etc.).

• 2+ years of experience performing information security risk assessments for IT vendors.
• 2+ years of experience communicating information security and controls conceptual and technical information to other IT professionals, business partners, IT Leadership, internal / external auditors, and vendors.
• 2+ years of experience examining information security controls attestation reports to determine effectiveness and impact to an organization and the controls relied upon from the vendors providing services to the organization.

Preferred :

• University degree in IT, Computer Science, Cybersecurity, or a related field.
• Governance, Risk, and Compliance related certifications such as CRISC and CGRC.
• Security+, CISA, or other relevant security related designation(s).
• Ability to determine the protection needs (i.e., security controls) of information systems, infrastructure, applications, and cloud-based environments.
• Knowledge of security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.

and perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.).

Knowledge of security principles, standards, and processes, such as authentication and access control, infrastructure hardening, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.).

SCHEDULE

Monday-Friday 8 : 00AM-5 : 00PM, potential for travel & different hours based off needs of business

WORK ENVIRONMENT

The physical and work demands listed here represent those an employee should possess to successfully perform the job's essential functions.

Reasonable accommodation may be made to enable individuals with disabilities to perform essential functions.

• Primarily an office environment with some need to work in the field.
• The noise level in the work environment is dependent on which environment you are in.

WHY SEABOARD FOODS?

• Medical, vision & dental benefits upon hire
• 401K with company match
• Paid Time Off & Company Holidays
• Wellness Program
• Tuition reimbursement
• Employee pork purchase program

For a complete list of our benefits please visit our career site : https : / / www.seaboardfoods.com / careers / why -sbf /

Seaboard Foods is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, gender identity, protected veterans’ status, status as a disabled individual, or any other status protected by law.