Senior Governance Analyst

at Reyes Holdings in Rosemont, Illinois, United States

Job Description

Overview

Reyes Holdings is a global leader in the production and distribution of food and beverage products. Our five business units service client accounts across 43 states in the United States and 19 countries worldwide – meaning the sun never sets on Reyes Holdings. We continue as a family-owned and operated business, true to how we began in 1976. We’re known for excellence, motivated by safety, and rooted in relationships. Our top priority is our people – all 33,000+ of our employees. We’ve created a workplace where our diverse team has the ability to thrive, challenge one another to continually reach higher, and support each other on our Journey Forward together.

Responsibilities

Pay Transparency Statement:

The compensation philosophy reflects the Company’s reasonable expectation at the time of posting. We consider a number of factors when making individual compensation decisions including, but not limited to, skill sets, experience and training, and other business needs. This role may also be eligible to participate in a discretionary incentive program, subject to the rule governing the program.

Position Summary:

The Senior Governance Analyst role will leverage advanced skills to help protect the organization from the activities of cyber criminals, such as hackers and developers of malicious software. This position will work closely with our Threat & Vulnerability teams as well as our Security Incident Response team to help identify and mitigate security risks. There are several areas of work that help assess and document these risks, including adherence to standards and any exceptions to them, as well as the assessment of vendors. This position will also help our internal groups as they seek to implement solutions to business needs within the structure of our security standards, identifying where they would be challenged and how we can apply controls to these areas. This position will also assess the risk of existing and potential new business partners that Reyes Family of Businesses (RFB) is engaging by reviewing the relevant security policies and practices of those vendors.

Position Responsibilities may include, but are not limited to:

+ Interface with RH IT and Business Units where clarification of security standards is required

+ Evaluate requests for variance from standards, including identification of risks and suitable compensating controls

+ Follow up on expiring requests, and report on outstanding requests

+ Identify prospective vendors and partners which may require security assessment

+ Interface with business partners considering a potential partner to identify relevant usage characteristics

+ Request security assessment information from prospective vendors and evaluate results and evidence submitted to gauge risks involved

+ Prepare assessment reports to inform business partners of overall risk presented by the prospective partners and suggest any needed controls

+ Other projects or duties as assigned

Qualifications

Required Skills and Experience:

+ Bachelor’s Degree in Engineering, Computer Science, or other IT related field and 2+ years of experience working in a security risk assessment or security-focused compliance role OR High School Diploma and 5+ years of experience working in a security role involving risk assessment and security compliance/testing

+ 2+ years of experience writing, communicating, or interpreting security standards with an ability to determine applicability of standards to engineering projects, and the insight to identify gaps in standards coverage

+ 2+ years of experience in evaluating, negotiating, and managing information security risks and/or exceptions and associated processes

+ 2+ years of experience with assessment tools such as SIG, VSA, and CAIQ

+ 2+ years of experience with risk assessment methodology such as CIS-RAM

+ Ability to interface with a wide range of roles in technical and business capacities

+ In-depth knowledge of PCs, servers, firewalls, TCP/IP & protocols, network admin tools, intrusion detection systems, anti-virus software, Active Directory, data encryption, and other industry-standard techniques and practices

+ Working technical knowledge of current systems software, protocols, procedures, and standards

+ Working knowledge of industry standard security tools such as Zscaler, common enterprise AV solutions, etc.

+ Experience assessing third-party risk

+ Must possess a willingness to learn, a positive attitude, ambition, high energy, and self-motivation

+ Strong collaboration skills – able to work in a team-oriented collaborative environment

+ Excellent verbal and written communication skills to interface with managers, staff, customers, and vendors at all levels within the company

+ Ability to effectively prioritize and execute tasks in a high-pressure environment

+ Strong problem-solving skills – applied skills in critical thinking and analysis, (communications) meeting facilitation, and (collaboration) interpersonal interactions

+ Strong skills for process and design documentation

+ Travel – Occasional, based on issues, system requirements, training, etc.

+ This position must pass a post-offer background and drug test

Preferred Skills and Experience:

+ Medium to large global enterprise size environment experience

+ Security-related experience designing/implementing/administrating Enterprise solutions

+ Familiarity with risk assessment frameworks such as NIST RMF, ISO 27005, OCTAVE

+ Familiarity with audit reports such as SOC 2 Type II and ISO 27001 certification

+ Familiarity with privacy regulation including GDPR, CCPA, PCI-DSS, and HIPAA

+ Certified Information System Security Professional (CISSP)

+ Certified Information Security Manager (CISM)

+ Certified Security Analyst (CSA)

+ Certified Information Systems Auditor (CISA)

+ Certified Cloud Security Professional (CCSP)

+ AWS, Azure, Cisco Certified Security Professional (CCSP)

Physical Demands and Work Environment:

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions. Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.

ID: 2024-12258

Category: Information Technology and Technical Support

Position Type: Regular Full-Time

Location: US-IL-Rosemont

As an Equal Opportunity Employer, Reyes Holdings companies will recruit and select applicants for employment solely on the basis of their qualifications. Our Practices and Procedures, including those relating to wages, benefits, transfers, promotions, terminations and self-development opportunities, will be administered without regard to race, color, religion, sex, sexual orientation and gender identity, age, national origin, disability, or protected veteran status and all other classes protected by the Federal and State Government. Drug Free Employer.

Job Posting: JC257282761

Posted On: Mar 25, 2024

Updated On: Apr 08, 2024
