Job Title:  Staff CyberSecurity Analyst

What You Need To Know

Open the door to a groundbreaking tech career with an industry leader. Southern Glazer’s Wine & Spirits is North America’s preeminent wine and spirits distributor, as well as a family-owned, privately held company with a 50+ year legacy of success. To create a new era in alcohol beverage sales and service, we’re heavily invested in the most transformative new technologies – and the most brilliant tech professionals. Southern Glazer’s was named by Newsweek as a Most Loved Workplace and is included on the Forbes lists for Largest Private Companies and Best Employers for Diversity.

As a full-time employee, you can choose from a full menu of our Top Shelf Benefits, including comprehensive medical and prescription drug coverage, dental and vision plans, tax-saving Flexible Spending Accounts, disability coverage, life insurance plans, and a 401(k) plan. We also offer tuition reimbursement, a wellness program, parental leave, vacation accrual, paid sick leave, and more.

We offer continuous learning and career growth in a fast-paced environment where you are respected, your voice is heard, and technology is part of our strategy for success. If you’re looking to fill your glass with opportunity, come join our FAMILY.

Overview

The Staff Cybersecurity GRC Analyst plays a critical role in enhancing the organization's governance, risk management, and compliance frameworks. By expertly managing and monitoring controls, the Staff GRC Analyst facilitates informed decision-making and ensures adherence to compliance standards. The Staff GRC Analyst oversees software, product, and client operations, including continuity and change management, to ensure seamless functionality. This role requires advanced application of concepts and practices to complete assignments of high complexity, often involving novel and untested solutions. The Staff GRC Analyst coordinates work on multiple or cross-functional initiatives, provides direct and indirect leadership, and functions with a high degree of autonomy.

Primary Responsibilities

• Keeps abreast and leads others on industry trends. 
• Monitors trends and reports on process metrics.
• Investigates control gaps and works to implement corrective actions.
• Researches, analyzes, guides and reviews the effectiveness and efficiency of InfoSec procedures.
• Follows established processes, standards, and policies.
• Leads the development and review of documentation, as well as status reports, to ensure it is fully executable and available.
• Acts as policy guardian for the management of processes, including responsibility for standards issuance and revision of procedures or forms, as appropriate.
• Provides training on processes and security management. 
• Designs, executes, and supervises assurance and audit procedures and standards to assess control effectiveness and monitor the risk posture
• Supports and guides operational reporting, communications and governance of SGWS IT processes.
• Leads risk identification and assessment, response and mitigation, and monitor and report on risks.
• Assist with periodic reporting and presentation on status for a variety of GRC-related stakeholder requirements.

Preferred Qualifications

• Master’s degree in information security, IT, or a related field.
• Professional certifications such as CISA, CISM, CRISC, or CISSP.
• Experience leading cross-functional teams is a plus.
• Strong analytical and problem-solving skills.
• Proven ability to manage multiple projects and priorities.
• Advanced knowledge of policy development and dissemination best practices.
• Deep knowledge of information security best practices and standards (e.g., ISO/IEC 27001, ITIL, COBIT, NIST CSF and 800 series).
• Experience with GRC tools and technologies.
• Proficiency in risk management software.
• Strong technical background in IT and information security.
• Experience in the food, beverage, CPG, or distribution industries a plus.

Minimum Qualifications

• Bachelor’s degree in information security, IT, or a related field, or equivalent work experience.
• 8+ years of experience in a GRC (governance, risk, compliance), Information Security, IT, or Audit capacity.
• Proven experience in developing and implementing GRC frameworks and processes.
• Advanced knowledge of IT and security governance principles.
• Experience with risk assessment and mitigation strategies.
• Cloud Governance & Assurance over Cloud Technologies
• Strong understanding of regulatory requirements and compliance standards.
• Experience with information security practices in OT/IOT/ICS environments.
• Experience with major system transformations of ERP, eCommerce, cloud or mobile initiatives.
• Excellent communication and collaboration skills.
• Capable of developing and delivering effective presentations to at all levels within the organization
• Native-level proficiency/fluent in English.

Physical Demands

• Physical demands include a considerable amount of time sitting and typing/keyboarding, using a computer (e.g., keyboard, mouse, and monitor), or mobile device
• Physical demands with activity or condition may occasionally include walking, bending, reaching, standing, squatting, and stooping
• May require occasional lifting/lowering, pushing, carrying, or pulling up to 20lbs

EEO Statement

Southern Glazer's Wine and Spirits, an Affirmative Action/EEO employer, prohibits discrimination and harassment of any type and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. SGWS complies with all federal, state and local laws concerning consideration of a qualified applicant's arrest and/or criminal conviction records. Southern Glazer's Wine and Spirits provides competitive compensation based on estimated performance level consistent with the past relevant experience, knowledge, skills, abilities and education of employees. Unless otherwise expressly stated, any pay ranges posted here are estimates from outside of Southern Glazer's Wine and Spirits and do not reflect Southern Glazer's pay bands or ranges.