Business Information Security Lead (Remote) - US Foods
Rosemont, IL
About the Job
ARE YOU A CURRENT US FOODS EMPLOYEE? PLEASE APPLY DIRECTLY THROUGH OUR INTERNAL WORKDAY CAREER SITE (https://www.myworkday.com/usfoods/d/task/2998$47185.htmld)
Join Our Community of Food People!
At US Foods®, innovation and technology is our superpower. By expanding our digital ecosystem and leading with a customer-first mindset, we’re delivering technology that empowers our customers and simplifies business. As we transform the digital landscape of the foodservice industry, we’re outpacing our competitors faster than ever before.
We believe diversity is the cornerstone of creativity and innovation—and we foster an open, inclusive, flexible work environment that supports our transformation.
US Foods is looking for a motivated security professional to join our Information and Cybersecurity Team. This individual will be working within PDL Technology and Innovation organization and will be embedded within the add a few sentences here on the responsibilities of that PDL.
This is a critical role within the Information & Cybersecurity Team. The position is responsible for supporting the value stream in the delivery of its initiatives, and for guiding the value stream through the actions needed to ensure security policies and best practices are met. With support from Information & Cyber Security leadership, the Business Information Security team members assess and validate the assurance of the security program, monitor progress and enforce resolution of outstanding issues, and focus on strong risk management and corporate resiliency through a deep partnership with and understanding of the Value Stream mission.
Flexible Work Policy: The work for the Business Information Security Lead position is completely 100% remote anywhere in the United States except Hawaii or United States Territories. This position may have the potential to travel up to 20% dependent on business needs.
RESPONSIBILITIES
• Consult on key business initiatives ensuring comprehensive end-to-end identification and risk management
• Help execute the security program in collaboration with Value Stream partner by identifying and remediating risks in accordance with security policies and standards
• Understand business requirements for Value Stream partner and provide security expertise to decision making and road mapping
• Help Value Stream partner understand the need for security as it relates to their line of business and potential impacts, whether regulatory or possible cyber-attacks
• Act as single point of contact in security for the PDL and provide escalation path for significant security concerns and inquiries
• Perform audits, assess risks, and manage/enforce remediation of issues found in security assessments, penetration tests, and internal discovery as related to Value Stream partner
• Provide visibility into current security compliance status through defined set of metrics, benchmarking and providing detailed guidance on vulnerabilities
• Present monthly to Value Stream Lead, sharing prioritized gap analysis, remediation plans and areas of success
• Coach Product Teams to mature their understanding and use of security tools and information
• Understand and articulate impacts to value stream partners in strategy and roadmap conversations within the Information and Cyber Security Team
RELATIONSHIPS
• Internal: Information and Cyber Security Team, PDL Internal and external audit, Security Engineering, Security Architecture, Cloud/DevSecOps, Data, IT PMO and Product Teams
• External: Technology vendors, including software and service providers; customer risk management representative, relevant managed security services, and professional services vendors, value stream vendors
MINIMUM QUALIFICATIONS
• At least 5-7 years of information security experience
• Broad foundational knowledge in many information and cyber security domains with priority given to security risk management and application security
• Familiarity with compliance requirements (PCI, HIPAA, SOX, etc.) and with security frameworks such as NIST CSF, ISO 27001, CIS, etc.
• Demonstrable experience in building positive working relationships with leaders and associates across multiple areas of the business
• Must have the ability to work independently and make decisions that reflect the policies of the Information and Cyber Security Team
• Experience measuring and tracking cybersecurity risks, issues, and exceptions
• Ability to present complex security topics to a variety of audiences, including senior technical leaders.
• Ability to advise, collaborate, and work in a team environment enabling others to trust your input and seek your guidance
• Ability to influence without authority to drive desired outcomes
• Experience executing security compliance plans, vulnerability management programs, risk management lifecycle, and/or security assessment/governance processes
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
• Proactive self-development, staying current on evolving threat landscape, security trends/best practices, and dynamic regulatory requirements
Education
• Bachelor’s degree from an accredited college/university or equivalent professional experience required
Related Experience/Requirements:
• Experience developing, measuring, and tracking key performance metrics, preferably in a cybersecurity program
• Highly organized, efficient, and attentive to detail
• Demonstrable track record of successful development of resources, mentoring, and career guidance
• Strong written and verbal skills enabling effective communication with different levels of leadership
Certifications/Training
• Preferred but not required: SANS GSEC, GCIA (or related), CISSP
Compensation depends on relevant experience and/or education, specific skills, function, geographic location, and other factors as applicable by law. The expected base rate for this role is between $85,000 and $140,000.
This role will also receive an annual incentive plan bonus.
Benefits for this role may include health insurance, pre-tax spending accounts, retirement benefits, paid time off, short-term and long-term disability, employee stock purchase plan, and life insurance. To review available benefits, please click here: https://www.usfoods.com/careers/benefits.html .
*EOE Race/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Protected Veteran/Disability Status*
You can view this job site and application in Spanish using your browser or mobile phone settings. Click below for more information.
Microsoft Edge (https://www.usfoods.com/content/dam/usf/pdf/Policies/HR/Microsoft_Edge_Spanish_Instructions.pdf)
Google Chrome
Safari
iPhone
Android (https://www.usfoods.com/content/dam/usf/pdf/Policies/HR/Android_Spanish_Instructions.pdf)
US Foods is one of America’s great food companies and a leading foodservice distributor, partnering with approximately 300,000 restaurants and foodservice operators to help their businesses succeed. With 28,000 employees and more than 70 locations, US Foods provides its customers with a broad and innovative food offering and a comprehensive suite of e-commerce, technology and business solutions. US Foods is headquartered in Rosemont, Ill., and generates more than $28 billion in annual revenue. Visit www.usfoods.com to learn more.
US Foods may collect personal information from you in connection with the application process. US Foods complies with the California Privacy Rights Act of 2020, and its policy may be found here (https://www.usfoods.com/content/dam/usf/pdf/Policies/HR/USF_CCPA_policy.pdf) .
US Foods, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other basis prohibited by applicable law.
EEO is the Law poster is available here (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf) .
EEO is the Law poster supplement is available here (https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf) .
Pay Transparency policy statement is available here (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf) .
US Foods is committed to working with and providing reasonable accommodation to individuals with disabilities. If reasonable accommodation is needed to participate in the interview process or to perform essential job functions, please contact our US Foods Application Accommodation Line at 855-873-2468. You will be prompted to leave a message. Please state the specifics of the assistance needed and your contact information. A member of our HR department will return your call within two business days.
Source : US Foods