Senior Security Governance, Risk and Compliance Analyst - Reyes Holdings

Pay Transparency Statement: 


The compensation philosophy reflects the Company’s reasonable expectation at the time of posting. We consider a number of factors when making individual compensation decisions including, but not limited to, skill sets, experience and training, and other business needs.  This role may also be eligible to participate in a discretionary incentive program, subject to the rule governing the program. 





Position Summary:


The Senior Security Governance, Risk, and Compliance Analyst drives security assessments to enable the global enterprise to identify, assess, treat, and monitor cybersecurity risks. The Senior Security Governance, Risk, and Compliance Analyst will engage technology and security stakeholders across the enterprise, including multiple business units, to document and validate security controls, identify coverage gaps, address security compliance requirements, and provide appropriate, fit-for-business recommendations. This role will collaborate with various members of the security and technology organizations across the globe over the course of day- to-day assignments.


Position Responsibilities may include, but not limited to:



+ Build a Risk Aware Culture by maturing the methods and measures to monitor and report risk, compliance, and assurance efforts through automation and process improvement, which may include use and implementation of GRC technologies


+ Develop the compliance evaluation for the information security management framework based on the following: CIS (Center for Internet Security) Critical Security Controls, NIST 800-53, and PCI-DSS


+ Analyze and improve the unified and flexible security control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations


+ Report on the effectiveness of the framework for roles and responsibilities including ownership, classification, accountability, and protection of information assets


+ Assess and recommend policies, standards, procedures, controls, and security solutions in partnership with key stakeholders to protect the confidentiality, integrity, and availability of the global information technology environment


+ Develop and facilitate a reporting framework to measure the effectiveness and maturity of the information security program


+ Participate in meetings with IT and Business Unit executives to report identified risks or control gaps and provide support for remediation of efforts to reduce identified security risks or gaps


+ Other projects or duties as assigned




Required Skills and Experience:



+ Bachelor’s degree in business administration or a technology-related field with 4+ years of experience working in audit, information security or general IT areas related to risk management, controls assurance, compliance programs, cybersecurity and information security regulations, industry standards, and internal policies frameworks. Or High School Diploma with 7+ years of the above stated experience in lieu of a bachelor’s degree


+ Great people skills and an ability to work well in fast-paced team environment with a wide range of technical and non-technical teams


+ Strong understanding of Information Security and Risk Management practices and principles including audit and regulatory requirements, codes, and industry guidance


+ Ability to communicate effectively with technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants, and senior management


+ Strategic thinker with strong collaboration skills, detailed working knowledge of IT and information security and risk management best practices, and familiarity in implementing enterprise-wide programs


+ Exhibits best practice risk management understanding through a comprehensive knowledge of internal risk controls, risk monitoring, risk assessment and risk management processes


+ Strong interpersonal, written, and oral communication skills


+ Highly self-motivated and directed professional, with keen attention to detail


+ Excellent analytical, problem-solving, and decision-making abilities


+ Able to effectively prioritize tasks in a high-pressure environment


+ Strong customer service and solution-focused orientation


+ This job requires the ability to travel 10% on an annual basis


+ This position must pass a post-offer background and drug test



Preferred Skills and Experience:



+ Master’s Degree


+ CISA, CISSP, CCSK, IAPP/E, IAPP/US, or other professional certifications/associations


+ Experience or background in Application Security, Operation Technology (OT), or Cloud Security



Physical Demands and Work Environment :


Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions. Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.



Equal Opportunity Employee & Physical Demands


Reyes Holdings and its businesses are equal opportunity employers. Company policy prohibits discrimination and harassment against any applicant or employee based on race, color, religion, sex, pregnancy or pregnancy-related medical conditions, marital status, sexual orientation, gender identity or expression, age, national origin, citizenship, disability, genetic information, military or veteran status, or any other basis protected by applicable law. In addition, the Company is committed to providing reasonable accommodation to applicants and employees in accordance with applicable law. Requests for accommodation should be directed to your point of contact in the Talent Acquisition or Human Resources departments.


Background Check and Drug Screening


Offers of employment are contingent upon successful completion of a background check and drug screening.


Pay Transparency


Our compensation philosophy embraces diverse factors for fair pay decisions, valuing skills, experience, and the needs of our business. Moreover, this role may have the opportunity to participate in a discretionary incentive program, subject to program rules.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation and gender identity, national origin, disability, or protected veteran status. Drug Free Workplace.