Business Information Security Lead (remote)

Rosemont, IL, United States

Job Description


Flexible Work Policy: The work for the Business Information Security Lead position is completely 100% remote anywhere in the United States except Hawaii or United States Territories. This position may have the potential to travel up to 20% dependent on business needs.

RESPONSIBILITIES

  • Consult on key business initiatives ensuring comprehensive end-to-end identification and risk management
  • Help execute the security program in collaboration with Value Stream partner by identifying and remediating risks in accordance with security policies and standards
  • Understand business requirements for Value Stream partner and provide security expertise to decision making and road mapping
  • Help Value Stream partner understand the need for security as it relates to their line of business and potential impacts, whether regulatory or possible cyber-attacks
  • Act as single point of contact in security for the and provide escalation path for significant security concerns and inquiries
  • Perform audits, assess risks, and manage/enforce remediation of issues found in security assessments, penetration tests, and internal discovery as related to Value Stream partner
  • Provide visibility into current security compliance status through defined set of metrics, benchmarking and providing detailed guidance on vulnerabilities
  • Present monthly to Value Stream Lead, sharing prioritized gap analysis, remediation plans and areas of success
  • Coach Product Teams to mature their understanding and use of security tools and information
  • Understand and articulate impacts to value stream partners in strategy and roadmap conversations within the Information and Cyber Security Team
RELATIONSHIPS
  • Internal: Information and Cyber Security Team, Internal and external audit, Security Engineering, Security Architecture, Cloud/DevSecOps, Data, IT PMO and Product Teams
  • External: Technology vendors, including software and service providers; customer risk management representative, relevant managed security services, and professional services vendors, value stream vendors
MINIMUM QUALIFICATIONS
  • At least 5-7 years of information security experience
  • Broad foundational knowledge in many information and cyber security domains with priority given to security risk management and application security
  • Familiarity with compliance requirements (PCI, HIPAA, SOX, etc) and with security frameworks such as NIST CSF, ISO 27001, CIS, etc
  • Demonstrable experience in building positive working relationships with leaders and associates across multiple areas of the business
  • Must have the ability to work independently and make decisions that reflect the policies of the Information and Cyber Security Team
  • Experience measuring and tracking cybersecurity risks, issues, and exceptions
  • Ability to present complex security topics to a variety of audiences, including senior technical leaders.
  • Ability to advise, collaborate, and work in a team environment enabling others to trust your input and seek your guidance
  • Ability to influence without authority to drive desired outcomes
  • Experience executing security compliance plans, vulnerability management programs, risk management lifecycle, and/or security assessment/governance processes
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
  • Proactive self-development, staying current on evolving threat landscape, security trends/best practices, and dynamic regulatory requirements
Education
  • Bachelor's degree from an accredited college/university or equivalent professional experience required
Related Experience/Requirements:
  • Experience developing, measuring, and tracking key performance metrics, preferably in a cybersecurity program
  • Highly organized, efficient, and attentive to detail
  • Demonstrable track record of successful development of resources, mentoring, and career guidance
  • Strong written and verbal skills enabling effective communication with different levels of leadership
Certifications/Training
  • Preferred but not required: SANS GSEC, GCIA (or related), CISSP
Compensation depends on relevant experience and/or education, specific skills, function, geographic location, and other factors as applicable by law. The expected base rate for this role is between $85,000 - $140,000. This role will also receive an annual incentive plan bonus. Benefits for this role may include health insurance, pre-tax spending accounts, retirement benefits, paid time off, short-term and long-term disability, employee stock purchase plan, and life insurance.

US Foods



Job Detail

  • Job Id
    JD4402070
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    $85000 - 140000 per year
  • Employment Status
    Permanent
  • Job Location
    Rosemont, IL, United States
  • Education
    Not mentioned