Senior Information Security Risk Analyst
Employment Type: Full-Time
Senior Information Security Risk Analyst
Albertsons Companies is one of the largest food and drug retailers with 2,300+ stores. The Albertsons Companies family of brands includes some of the most prominent brands in food retailing, with a growing base of loyal shoppers. Thanks to the professionalism, diversity, spirit, and friendliness of our people, we have locations across the U.S.
The Information Security Department has an opening for a Senior Information Security Risk Analyst. This position is located in Phoenix, Arizona.
The candidate will be responsible for working with cross-functional teams to provide security guidance and assess risks associated with a wide range of technologies. This includes but is not limited to managing large scale risk/security assessments and projects to validate and remediate identified risks, performing vendor interviews, managing exception requests, and producing reports and metrics.
Develop sustainable strategies and measurement systems to ensure that risk management techniques and strategies can continue to be maintained over time. Foster trusted relationships with Business Partners, Company IT Executives, CISO and other Risk Team Members to gain consensus approvals on strategies, recommendations, findings, project plans, etc.
Key Responsibilities include, but are not limited to:
* Enforce and interpret security policies, procedures, and regulatory requirements by performing project, application, cloud, and vendor security risk assessments.
* Provide security consulting on complex issues that involve combinations of platforms and computing environments, especially in areas of e-commerce, cloud-based solutions, and mobile technologies.
* Mitigate vulnerability and configuration deficiencies by conducting investigations of possible security exceptions.
* Perform assessments of vendor risk, develop mitigation plans and partner with internal stakeholders to assign monitoring responsibility.
* Implement, update, maintain, document, and improve security programs.
* Maintain awareness of existing and proposed security standard setting groups, State, Federal and international legislation and regulations pertaining to information security, data privacy, and retail and pharmacy operations.
* Perform assessment and/or implementation of appropriate security methods and control techniques such as password and access management, segregation of duties, logging and monitoring, data encryption, data backup and recovery.
* Prepare status reports for management on security matters and develop security risk analysis scenarios and response procedures.
* Perform periodic assessments of information systems, people, and processes to identify security vulnerabilities and develop and execute remediation action plans.
* Assist customers in identifying security controls for the company's networks, application systems, encryption and key management, infrastructures, authentication, and authorization.
* Act as a liaison to the business and IT groups and assist them in the implementation of data privacy, compliance requirements, and information security technologies and applications security.
* May lead projects and provide guidance/training to less experienced staff.
* 4-year degree (Computer Science, Information Systems, or relational functional field) and/or equivalent combination of education or work experience.
* 7+ year's general information technology experience.
* 5+ years of professional Information Security experience focused on security risk, compliance assessment and remediation.
* 5+ years of professional experience with security tools.
* Strong knowledge of networking, databases, systems, applications, mobile, SaaS and other cloud technologies.
* In-depth knowledge of data security and protection techniques.
* In-depth knowledge of application security, including integration with DevOps practices.
* Experience working with public cloud environments such as Amazon Web Services and Microsoft Azure
* No direct management responsibility, but is highly accountable for the effectiveness, quality and timeliness of project design decisions and how easily these designs can be implemented.
* Professional certifications desired (CISSP, ISACA, GSEC, others).
* Familiar with industry compliance standards as they relate to Software as a Service, such as ISO27001, SOC1 (SSAE16) and SOC2
* Exceptional analytical ability, communication skills and the ability to work effectively with client, IT management and staff, vendors, and consultants.
* Strong knowledge of industry frameworks and best practices (ISO, NIST, ANSI X9; and/or others).
* Strong knowledge of regulatory requirements and compliance (PCI, SOX, HIPAA, and/or GLBA).
* Strong knowledge of retail, pharmacy and healthcare operations is a major plus.
* Extensive experience working with diverse groups within dynamic organizations in both IT and business areas.
Albertsons Companies is at the forefront of the revolution in retail. With a fixation on innovation and building culture, our team is rallying our company around a unique vision: forging a retail winner that is admired for national strength, deep roots in the communities we serve, and a team that has passion for food and delivering great service.
Albertsons Culture Principles
* Compassion: We always treat each other with kindness and respect
* Team: We always support and recognize each other
* Inclusive: We always value everyone's perspective
* Learning: We always strive to grow and develop ourselves and others
* Competitive: We always act with integrity to win over the customer
* Ownership: We always take actions to drive our success
* Work may be performed in a temperature-controlled environment.
* Must sit, stand, or walk for extended periods of time.
* May spend long periods of time at desk or computer terminal.
* Will use keyboards, telephone, and other office equipment during the course of normal workday.
* Stooping, bending, twisting, and reaching may be required in completion of job duties.
* Work day is fast paced; some evening and weekend work may be required.
How to Apply: Interested candidates are encouraged to submit a resume by visiting https://www.albertsonscompanies.com/careers/en/home.html
Diversity is fundamental at Albertsons Companies. We foster an inclusive working environment where the different strengths and perspectives of each employee is both recognized and valued. We believe that building successful relationships with our customers and our communities is only possible through the diversity of our people. A diverse workforce leads to better teamwork and creative thinking, as well as mutual understanding and respect.
The Albertsons Companies policy is to provide employment, training, compensation, promotion, and other conditions of employment without regard to race, color, religion, sexual orientation, gender identity, national origin, sex, age, disability, veteran status, medical condition, marital status, or any other legally protected status.
We support a drug-free workplace -- some positions require applicants offered a position to pass a pre-employment drug test before they are hired.
AN EQUAL OPPORTUNITY EMPLOYER