Job Information
Southern Glazer's Wine and Spirits Principal Information Security Analyst in Dallas, Texas
What You Need To Know
Open the door to a groundbreaking tech career with an industry leader. Southern Glazer’s Wine & Spirits is North America’s preeminent wine and spirits distributor, as well as a family-owned, privately held company with a 50+ year legacy of success. To create a new era in alcohol beverage sales and service, we’re heavily invested in the most transformative new technologies – and the most brilliant tech professionals. Southern Glazer’s was named by Newsweek as a Most Loved Workplace and is included on the Forbes lists for Largest Private Companies and Best Employers for Diversity.
As a full-time employee, you can choose from a full menu of our Top Shelf Benefits, including comprehensive medical and prescription drug coverage, dental and vision plans, tax-saving Flexible Spending Accounts, disability coverage, life insurance plans, and a 401(k) plan. We also offer tuition reimbursement, a wellness program, parental leave, vacation accrual, paid sick leave, and more.
We offer continuous learning and career growth in a fast-paced environment where you are respected, your voice is heard, and technology is part of our strategy for success. If you’re looking to fill your glass with opportunity, come join our FAMILY.
Overview
The Principal Information Security Risk Analyst is responsible for assessing IT risk both internally as well as third parties to help secure SGWS data and information. The person in this position will need to have extensive knowledge of information security risk and third-party risk management, as well as the various technologies within the organization. This position works closely with all IT areas including Infrastructure, Application Development, Database, Network, Security Operations, and IT Compliance.
This position reports directly to the Information Security Risk Manager.
Primary Responsibilities
Risk Management
Act as an Information Security Risk Management subject matter expert
Assist the Information Security Risk Manager in the development and maintenance of the risk hierarchy, risk taxonomy, and risk register.
Conduct regular risk assessments, documents issues, determines risk levels and coordinates with the appropriate subject matter experts to monitor the remediation of deficiencies
Monitor the established risks in the IT organization and reports on the effectiveness of related mitigating controls
Work closely with the Information Security Governance and Compliance team and security leadership to ensure cybersecurity policies and practices are designed to help mitigate risk
Work closely with the Security Architecture team and participates in architecture reviews and project meetings to identify risk impact to the organization
Participate heavily in the implementation of the ServiceNow Risk Management solution and its regular maintenance and basic bug-fixing.
Third Party Risk Management
Responsible for the engagement of all third-party relationships to ensure that adequate controls are in place to protect SGWS data and information
Assist the Information Security Risk Manager in the development, growth, and maturity of the risk-based third-party assessment and continuous monitoring program within ServiceNow
Conduct annual vendor risk management reviews of existing third parties based on established risk ratings
Review new third-party engagements, tracks issues to resolution, provides feedback on required security controls, and ensures contracts contain Southern Glazers' required content
Review SOC1 & SOC 2 Type 2 reports, vulnerability assessments, penetration test results and additional documentation as required
Travel to Southern Glazers’ office locations and third-party sites to perform on site security assessments as needed
Perform other duties as assigned
Preferred Qualifications
Master’s degree in related field preferred
Cyber security related professional certifications such as CISSP, CISM, CREST Technical Security Architect, ISO Lead Auditor, CISA, etc., and Vendor certifications in Azure Cloud Technologies, networking and other related technologies.
Experience in one or more of the following areas: implementing GRC/IRM tools (experience with ServiceNow GRC/IRM a plus); OT/IOT/SCADA/ICS systems; large enterprise-wide transformation initiatives; experience in food, beverage, CPG, or distribution industries; prior experience working in Audit and/or Operational Security roles.
Minimum Qualifications
Eight or more years of professional Information Technology/Security experience that includes Third-Party Risk Management, IT Risk Management, cybersecurity, and governance, risk, and compliance (GRC).
Bachelor’s degree in computer science, information security, information assurance, or related field; or equivalent professional work experience
Extensive knowledge of IT Risk Management processes and best practices
Extensive knowledge of Third-Party Risk Management processes and best practices
Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and a security-first culture
Proven project management, multitasking and organizational skills
Experience working with a variety of industry standards, including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, TOGAF, IEC 62443 or CIS Benchmark
Knowledge of IT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)
Agile Delivery Values
Openness – Team and stakeholders agree to be open about all work and challenges
Commitment – Personally commit to achieving the goals of the team
Respect – Respect your team members to be capable and independent
Courage – You have courage to do the right thing and work on tough problems
Focus – Everyone focus on the work in the sprint and the goal of the scrum team. Rise and fall as a team
Physical Demands
Physical demands include a considerable amount of time sitting and typing/keyboarding, using a computer (e.g., keyboard, mouse, and monitor), or mobile device
Physical demands with activity or condition may occasionally include walking, bending, reaching, standing, squatting, and stooping
May require occasional lifting/lowering, pushing, carrying, or pulling up to 20lbs
EEO Statement
Southern Glazer's Wine and Spirits, an Affirmative Action/EEO employer, prohibits discrimination and harassment of any type and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Southern Glazer's Wine and Spirits provides competitive compensation based on estimated performance level consistent with the past relevant experience, knowledge, skills, abilities and education of employees. Unless otherwise expressly stated, any pay ranges posted here are estimates from outside of Southern Glazer's Wine and Spirits and do not reflect Southern Glazer's pay bands or ranges.
Southern Glazer's Wine and Spirits provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Southern Glazer's Wine and Spirits
- Southern Glazer's Wine and Spirits Jobs