Information Security GRC Analyst

Information Security Governance, Risk, and Compliance (GRC) Analyst We have an exciting Information Security Governance, Risk, and Compliance (GRC) Analyst opportunity in our Merriam, KS office. In this highly impactful role, you will be a key member of the IT team. The Information Security GRC Analyst manages and executes security governance, risk management, and compliance functions across all divisions, collaborating with Information Security Teams to centralize reporting and risk analysis. This role requires expertise in risk management, security, regulatory compliance, privacy practices, and an understanding of cybersecurity requirements for legal and regulatory standards. Strong interpersonal and communication skills are essential to work effectively with IT professionals, leadership, business partners, auditors, and vendors. ABOUT US At Seaboard Foods, we create the most sought-after pork. A top U.S. pork producer/processor and leading exporter to 30+ countries, we are committed to bringing excellence to the table, seeking a better way to produce wholesome pork and connect every step between our farms and family tables. More than 5,400 employees in five states work on our farms, feed mills, and processing plant to produce Prairie Fresh ® pork, ensuring the well-being of our animals, the environment, our employees, and the communities we call home. Our commitment to sustainability is reflected in our renewable gas projects on our farms creating renewable energy. Owned by Seaboard Corporation, a Fortune 500 company, and nominated as one of the “Best Places to Work” by Kansas City’s Business Journal, we have a dynamic culture where our employees can contribute and understand why they matter. RESPONSIBILITIES This list is not intended to be all-inclusive, and other duties may be assigned. Supports the key initiatives/projects focused on reducing technology risk, governance, compliance with policies and external regulatory compliance. Performs periodic security program gap assessments on an ongoing basis for all divisions. Responsible for SOX and security audit compliance activities; partners with IT staff and internal and external auditors in reviewing program activities; gathers information to support compliance efforts and requests from auditors; and provides updates to IT leadership as deemed necessary. Participates in addressing exception requests to information security policies and standards across all divisions; works with internal IT and business focal points to document the request, identify business justifications and compensating controls, and presents findings to IT Leadership for review and approval. Conducts information security vendor risk assessments and provides recommendations for system, network, and application design, implementation, and operational effectiveness controls. Works with IT teams to develop corrective action plans for identified findings from internal security controls assessments, vendor risk assessments, internal and external audits, or other security reviews; tracks remediation efforts to closure. Contribute to the creation, maintenance, and revision of information security policies and standards, and serve as an advisor to divisional security teams, supporting their understanding and implementation of these policies and standards. Serves as subject matter expert to internal business and technology teams and security teams on risk management activities and industry best practices. CORE COMPETENCIES FOR SUCCESS IN ALL ROLES instills trust, communicates effectively, action-oriented, ensures accountability, and drives results. QUALIFICATION REQUIREMENTS To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required or preferred. Required: Minimum two years of relevant experience in the Information Security field with experience in the Governance, Risk, and Compliance disciplines. Working knowledge and understanding of information security control frameworks (e.g., CIS Critical Security Controls, ISO 27001, NIST SP800-453, COBIT, ITIL, OWASP, etc.), as well as regulatory requirements (e.g., SOX, SWIFT, PCI, HIPAA, GDPR, CCPA, etc.). Ability to implement automation and engineering solutions to improve GRC processes; experience or willingness to automate manual tasks and use engineering tools is preferred. Fundamental understanding of information risk concepts, risk assessments, and experience administering electronic Governance, Risk, and Compliance tools (e.g., OneTrust). Basic knowledge and understanding of IT General Controls and their application across information systems, infrastructure, applications, and cloud-based environments. Working knowledge and demonstrated experience working with and understanding information security controls attestation reports (e.g., SOC1, SOC2, ISO27001, PCI, etc.). 2+ years of experience performing information security risk assessments for IT vendors. 2+ years of experience communicating information security and controls conceptual and technical information to other IT professionals, business partners, IT Leadership, internal / external auditors, and vendors. 2+ years of experience examining information security controls attestation reports to determine effectiveness and impact to an organization and the controls relied upon from the vendors providing services to the organization. Preferred: University degree in IT, Computer Science, Cybersecurity, or a related field. Governance, Risk, and Compliance related certifications such as CRISC and CGRC. Security+, CISA, or other relevant security related designation(s). Ability to determine the protection needs (i.e., security controls) of information systems, infrastructure, applications, and cloud-based environments. Knowledge of security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.). Knowledge of security principles, standards, and processes, such as authentication and access control, infrastructure hardening, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.). SCHEDULE Monday-Friday 8:00AM-5:00PM, potential for travel & different hours based off needs of business WORK ENVIRONMENT The physical and work demands listed here represent those an employee should possess to successfully perform the job's essential functions. Reasonable accommodation may be made to enable individuals with disabilities to perform essential functions. Primarily an office environment with some need to work in the field. The noise level in the work environment is dependent on which environment you are in. WHY SEABOARD FOODS? THIS COMPANY IS AN EQUAL OPPORTUNITY EMPLOYER, AND DOES NOT DISCRIMINATE ON THE BASIS OF RACE, GENDER, ETHNICITY, RELIGION, NATIONAL ORIGIN, AGE, DISABILITY, VETERAN STATUS, OR ANY OTHER BASIS PROHIBITED BY LAW. INFORMATION ON RACE, GENDER, AND NATIONAL ORIGIN WILL ONLY BE USED FOR STATISTICAL AND RECORDKEEPING PURPOSES, AND WILL NOT BE USED IN MAKING ANY EMPLOYMENT DECISIONS. ALL INFORMATION PROVIDED WILL BE KEPT SEPARATE FROM YOUR EXPRESSION OF INTEREST. PROVING THIS INFORMATION IS STRICTLY VOLUNTARY, AND YOU WILL NOT BE SUBJECTED TO ANY ADVERSE ACTION OR TREATMENT IF YOU CHOOSE NOT TO PROVIDE THIS INFORMATION. IF YOU DO NOT CHOOSE TO ANSWER THESE QUESTIONS, WE ASK THAT YOU SELECT "DECLINE TO IDENTIFY" FOR EACH QUESTION. THANK YOU FOR YOUR VOLUNTARY COOPERATION. #J-18808-Ljbffr