Job Description

Job Description

Albertsons Companies is one of the largest food and drug retailers with 2,300+ stores. The Albertsons Companies family of brands includes some of the most prominent brands in food retailing, with a growing base of loyal shoppers. Thanks to the professionalism, diversity, spirit, and friendliness of our people, we have locations across the U.S.

The Information Security Department has an opening for a Senior Information Security Risk Analyst. This position is located in Phoenix, Arizona or Pleasanton, California.

Position Purpose

The candidate will be responsible for working with cross-functional teams to provide security guidance and assess risks associated with a wide range of technologies. This includes but is not limited to: managing large scale risk/security assessments and projects to validate and remediate identified risks, performing vendor interviews, managing exception requests, and producing reports and metrics.

Develop sustainable strategies and measurement systems to ensure that risk management techniques and strategies can continue to be maintained over time. Foster trusted relationships with Business Partners, Company IT Executives, CISO and other Risk Team Members to gain consensus approvals on strategies, recommendations, findings, project plans, etc.

Key Responsibilities include, but are not limited to:

* Enforce and interpret security policies, procedures and regulatory requirements by performing project, application, cloud, and vendor security risk assessments.
* Provide security consulting on complex issues that involve combinations of platforms and computing environments, especially in areas of e-commerce, cloud-based solutions, and mobile technologies.
* Mitigate vulnerability and configuration deficiencies by conducting investigations of possible security exceptions.
* Perform assessments of vendor risk, develop mitigation plans and partner with internal stakeholders to assign monitoring responsibility
* Implement, update, maintain, document, and improve security programs.
* Maintain awareness of existing and proposed security standard setting groups, State, Federal and international legislation and regulations pertaining to information security, data privacy, and retail and pharmacy operations.
* Perform assessment and/or implementation of appropriate security methods and control techniques such as password and access management, segregation of duties, logging and monitoring, data encryption, data backup and recovery.
* Prepare status reports for management on security matters and develop security risk analysis scenarios and response procedures.
* Perform periodic assessments of information systems, people and processes to identify security vulnerabilities and develop and execute remediation action plans.
* Assist customers in identifying security controls for the company's networks, application systems, encryption and key management, infrastructures, authentication and authorization.
* Act as a liaison to the business and IT groups and assist them in the implementation of data privacy, compliance requirements, and information security technologies and applications security.
* May lead projects and provide guidance/training to less experienced staff

Qualifications:

* 4 year degree (Computer Science, Information Systems or relational functional field) and/or equivalent combination of education or work experience.
* 10+ year's general information technology experience.
* 7+ years of professional Information Security experience focused on security risk, compliance assessment and remediation.
* 7+ years of professional experience with security tools.
* Strong knowledge of networking, databases, systems, applications, mobile, SaaS and other cloud technologies.
* In-depth knowledge of data security and protection techniques.
* In-depth knowledge of application security, including integration with DevOps practices.
* Experience working with public cloud environments such as Amazon Web Services and Microsoft Azure
* No direct management responsibility, but is highly accountable for the effectiveness, quality and timeliness of project design decisions and how easily these designs can be implemented.
* Professional certifications desired (CISSP, ISACA, GSEC, others).
* Familiar with industry compliance standards as they relate to Software as a Service, such as ISO27001, SOC1 (SSAE16) and SOC2
* Exceptional analytical ability, communication skills and the ability to work effectively with client, IT management and staff, vendors and consultants.
* Strong knowledge of industry frameworks and best practices (ISO, NIST, ANSI X9; and/or others).
* Strong knowledge of regulatory requirements and compliance (PCI, SOX, HIPAA, and/or GLBA).
* Strong knowledge of retail, pharmacy and healthcare operations is a major plus.
* Extensive experience working with diverse groups within dynamic organizations in both IT and business areas.

How to Apply: Interested candidates are encouraged to submit a resume by visiting https://www.albertsonscompanies.com/careers/en/home.html

Diversity is fundamental at Albertsons Companies. We foster an inclusive working environment where the different strengths and perspectives of each employee is both recognized and valued. We believe that building successful relationships with our customers and our communities is only possible through the diversity of our people. A diverse workforce leads to better teamwork and creative thinking, as well as mutual understanding and respect.

The Albertsons Companies policy is to provide employment, training, compensation, promotion, and other conditions of employment without regard to race, color, religion, sexual orientation, gender identity, national origin, sex, age, disability, veteran status, medical condition, marital status, or any other legally protected status.

We support a drug-free workplace -- some positions require applicants offered a position to pass a pre-employment drug test before they are hired.

AN EQUAL OPPORTUNITY EMPLOYER