United Natural Foods Inc

Apply for this job

GRC Security Analyst-Remote (Finance)



Purpose:

The GRC Security Analyst is responsible for working across the organization with all levels of individuals as well as with external auditors to implement and execute on a comprehensive Security Governance and Compliance program. This role is responsible for coordinating and reporting on IT portions of internal and external audits, review findings and work with the impacted areas to develop, track, and complete remediation plans. The Analyst role will work with the GRC management to execute and maintain a robust IT compliance program that proactively manages audits and assessments and risks to the enterprise. This role will also contribute to the Identity and Access Governance program, security policy and standard development, and cyber security awareness program. The GRC Analyst will have responsibility for executing access reviews to ensure access remains appropriate. The GRC Analyst will have responsibility for executing on the GRC team's security awareness program to include conducting security awareness training and tracking results through metrics.

Job Responsibilities:

  • Conducts regular access reviews on critical systems to ensure access is appropriate.
  • Ensures overall compliance with regulatory requirements, including but not limited to PCI, SOX, HIPAA, etc.
  • Conducts assessments to identify gaps and make sound recommendations for improvement. Identify acceptable levels of residual risk, and assist with action plans, policy, and procedural changes for risk mitigation.
  • Conduct and monitor the enterprise security awareness program; ensure compliance across the organization.
  • Determine threats, identify risks and vulnerabilities to the organization, maintains and updates control framework.
  • Assists with the build out of an enterprise GRC technology platform, development, and documentation of application functionality.
  • Assist with the development of the Identity and Access Governance function and drive the execution and implementation of the program.
  • Prepares documentation and reports requiring minimal revision by management.
  • Meets with various management groups to facilitate efficient and effective compliance projects and services.
  • With minimal supervision, holds discussions with management regarding control weaknesses and prepare reports to management communicating results including recommendations to improve technology and business practices.
  • Identifies opportunities and provides solutions for improvement, such as automation, to compliance processes.
  • Monitors progress and status of multiple concurrent assigned compliance projects to ensure completion within budgeted timeframes, reporting any timing issues to management in a timely manner.
  • Collaborates with, internal and external auditors.
  • Performs other duties as assigned.

Job Requirements:

Education/Certification:

  • Bachelor's degree in computer information systems, Information Technology, Accounting, and Finance or related field is preferred.

Experience:
  • 1-3 years of experience in security governance, risk, and compliance, or related field preferred

Knowledge/Skills/Abilities:
  • Must possess a strong working knowledge in the following areas: operating systems, applications, operations (batch processing, monitoring) networking and telecommunications, databases, and logical security.
  • In-Depth knowledge of internal control concepts, principles, risk analysis, Sarbanes-Oxley Compliance, PCI Compliance, HIPAA, Privacy, process improvement and techniques, including COSO and COBIT frameworks.
  • Requires excellent analytical and communications skills to learn customer business objectives, evaluate risks and plan, supervise and control compliance and other activities.
  • Proficient in MS Office tools (Excel, Word, etc.)
  • Must have excellent verbal, written and presentation skills, a high degree of personal integrity and ability to work under limited supervision. Supervisory skills, ability to work well with others in a team environment and ability to produce results through others is required.
  • Must be capable of working under minimum supervision, planning and conducting compliance assignments and directing the activities of staff as required.
  • Good judgment is required for this position as there may be times when direct supervision may not be immediately available.

All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, or protected veteran status. UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all. - M/F/Veteran/Disability. VEVRAA Federal Contractor.

Additional Information:

Schedule: Full-time Apply

Apply Here done