Southern Glazer's Wine and Spirits Principal Information Security Analyst in Dallas, Texas

What You Need To Know

Open the door to a groundbreaking tech career with an industry leader. Southern Glazer’s Wine & Spirits is North America’s preeminent wine and spirits distributor, as well as a family-owned, privately held company with a 50+ year legacy of success. To create a new era in alcohol beverage sales and service, we’re heavily invested in the most transformative new technologies – and the most brilliant tech professionals. Southern Glazer’s was named by Newsweek as a Most Loved Workplace and is included on the Forbes lists for Largest Private Companies and Best Employers for Diversity.

As a full-time employee, you can choose from a full menu of our Top Shelf Benefits, including comprehensive medical and prescription drug coverage, dental and vision plans, tax-saving Flexible Spending Accounts, disability coverage, life insurance plans, and a 401(k) plan. We also offer tuition reimbursement, a wellness program, parental leave, vacation accrual, paid sick leave, and more.

We offer continuous learning and career growth in a fast-paced environment where you are respected, your voice is heard, and technology is part of our strategy for success. If you’re looking to fill your glass with opportunity, come join our FAMILY.

Overview

The Principal Information Security Risk Analyst is responsible for assessing IT risk, both internally and across third parties, to help secure SGWS data and information. The person in this position will need to have extensive knowledge of information security risk and third-party risk management, as well as the various technologies within the organization. This position works closely with all IT areas including Infrastructure, Application Development, Database, Network, Security Operations, and IT Compliance.

This position reports directly to the Information Security Risk Manager.

Primary Responsibilities

Risk Management

  • Act as an Information Security Risk Management subject matter expert

  • Assist the Information Security Risk Manager in the development and maintenance of the risk hierarchy, risk taxonomy, and risk register.

  • Conduct regular risk assessments, document issues, determine risk levels, and coordinate with the appropriate subject matter experts to monitor the remediation of deficiencies

  • Monitor the established risks in the IT organization and report on the effectiveness of related mitigating controls

  • Work closely with the Information Security Governance and Compliance team and security leadership to ensure cybersecurity policies and practices are designed to help mitigate risk

  • Work closely with the Security Architecture team and participate in architecture reviews and project meetings to identify risk impact to the organization

  • Participate heavily in the implementation of the ServiceNow Risk Management solution and its regular maintenance and basic bug-fixing

Third Party Risk Management

  • Responsible for the engagement of all third-party relationships to ensure that adequate controls are in place to protect SGWS data and information

  • Assist the Information Security Risk Manager in the development, growth, and maturity of the risk-based third-party assessment and continuous monitoring program within ServiceNow

  • Conduct annual vendor risk management reviews of existing third parties based on established risk ratings

  • Review new third-party engagements, track issues to resolution, provide feedback on required security controls, and ensure contracts contain Southern Glazer's required content

  • Review SOC 1 & SOC 2 Type 2 reports, vulnerability assessments, penetration test results and additional documentation as required

  • Travel to Southern Glazer’s office locations and third-party sites to perform on-site security assessments as needed

  • Perform other duties as assigned

Preferred Qualifications

  • Master’s degree in related field preferred

  • Cybersecurity-related professional certifications such as CISSP, CISM, CREST Technical Security Architect, ISO Lead Auditor, CISA, etc., and vendor certifications in Azure Cloud Technologies, networking and other related technologies

  • Experience in one or more of the following areas: implementing GRC/IRM tools (experience with ServiceNow GRC/IRM a plus); OT/IOT/SCADA/ICS systems; large enterprise-wide transformation initiatives; experience in food, beverage, CPG, or distribution industries; prior experience working in Audit and/or Operational Security roles.

Minimum Qualifications

  • Eight or more years of professional Information Technology/Security experience that includes Third-Party Risk Management, IT Risk Management, cybersecurity, and governance, risk, and compliance (GRC).

  • Bachelor’s degree in computer science, information security, information assurance, or related field; or equivalent professional work experience

  • Extensive knowledge of IT Risk Management processes and best practices

  • Extensive knowledge of Third-Party Risk Management processes and best practices

  • Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and a security-first culture

  • Proven project management, multitasking and organizational skills

  • Experience working with a variety of industry standards, including NIST Cyber Security Framework (CSF), NIST 800-53, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, TOGAF, IEC 62443 or CIS Benchmark

  • Knowledge of IT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)

Agile Delivery Values

  • Openness – Team and stakeholders agree to be open about all work and challenges

  • Commitment – Personally commit to achieving the goals of the team

  • Respect – Respect your team members to be capable and independent

  • Courage – You have courage to do the right thing and work on tough problems

  • Focus – Everyone focuses on the work in the sprint and the goal of the scrum team. Rise and fall as a team

Physical Demands

  • Physical demands include a considerable amount of time sitting and typing/keyboarding, using a computer (e.g., keyboard, mouse, and monitor), or mobile device

  • Physical demands with activity or condition may occasionally include walking, bending, reaching, standing, squatting, and stooping

  • May require occasional lifting/lowering, pushing, carrying, or pulling up to 20lbs

EEO Statement

Southern Glazer's Wine and Spirits, an Affirmative Action/EEO employer, prohibits discrimination and harassment of any type and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Southern Glazer's Wine and Spirits provides competitive compensation based on estimated performance level consistent with the past relevant experience, knowledge, skills, abilities and education of employees. Unless otherwise expressly stated, any pay ranges posted here are estimates from outside of Southern Glazer's Wine and Spirits and do not reflect Southern Glazer's pay bands or ranges.
