Publix isn't just a pleasure to shop at, it's also one of Fortune’s best places to work. As a Senior Security Analyst (Governance, Risk, Compliance) you will leverage a broad understanding of IT, regulatory, and cyber security domains to assess the security posture of various aspects of Publix and determine the adequacy of current controls. This opportunity will allow you to further expand and apply your skills to solve critical business and data protection related challenges as part of a team driving strategic governance programs, data security, and system hardening activities. This includes:
- Assessing organizational compliance with regulatory and legal requirements, while strategically helping teams think through the best way to manage risk in accordance with security best practices.
- Assisting teams with system and application hardening initiatives by identifying, researching, and evaluating security controls and compliance requirements and presenting them to relevant stakeholders.
- Serving as a liaison and fostering strategic working relationships with technical architects, engineering teams, and the business to inform them of IT controls or requirements as well as ensuring security standards are being met.
- Assisting with regulatory related projects such as gap assessments, annual audits, remediation tracking, and secure configuration management.
- Providing security and compliance consultation on new projects pertaining to PCI DSS, cloud security, data privacy, HIPAA, SOX, etc.
- Assisting in third party risk management assessments to evaluate the security of vendors and hosted solutions based on approved information security standards.
- Providing in-depth analysis of security risks to the leadership team to make decisions that protect Publix.
- Assisting in the development, documentation, and presentation of security education, awareness, and training activities for users.
- Conducting reviews to identify and mitigate potential security weaknesses and ensure that all relevant security features applicable to a system are implemented and functional.
- Bachelor’s Degree in Management Information Systems, Computer Science, Information Security, or other analytical disciplines or equivalent experience,
- At least four years of combined experience in Information Security, Compliance, Technology Audit, or a related field,
- Experience with security control frameworks such as ISO 27001, COBIT, NIST, PCI DSS, HITRUST, SOX, HIPAA, etc.,
- Strong written and verbal communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences,
- Excellent analytical and problem-solving skills to find resolutions and assist with making contributions to process improvements, and
- Ability to work independently and multi-task effectively.
- At least six years of combined experience in Information Security, Compliance, Technology Audit, or a related field,
- Successful completion of one or more of the following certifications: CISA, CISM, CRISC, CCSP, and/or CISSP,
- Operating system security and hardening experience,
- Experience evaluating the security infrastructure for large enterprise merchants or service providers,
- General understanding of networking and firewall concepts, and
- Working knowledge of audit methodologies, security assessment tools and monitoring methodologies.