A great job, and a great future, awaits you at Smithfield Foods. We’re an $18 billion U.S. food company with nearly 60,000 employees worldwide. We’re looking for motivated people who want to join our team and grow lasting and meaningful careers with us. Join our family today. Apply Now!
Your Opportunity
Our team members receive industry-competitive salaries and are eligible for great benefits packages:
Competitive Pay: $66,000 - $69,250 annually
Annual Bonus Earning Potential
Comprehensive Health Insurance, Retirement Benefits and More
Education benefit available to full and part-time Smithfield team members on their first day of employment.
In addition, we offer opportunities for career growth, professional development, and tuition assistance.
The Cybersecurity Risk Analyst is responsible for executing various cyber risk management initiatives such as risk assessments, third-party risk assessments, and security control assessments.
The position aims to provide skilled technical and information security expertise for developing and implementing the Cybersecurity Risk management program. Responsibilities require expert knowledge and abilities to facilitate all risk management lifecycle phases including identification, analysis and prioritization, response/mitigation, and monitoring/reporting. A qualified candidate must have the technical acumen to analyze and understand Cybersecurity Risks in the context of various technologies and business assets, threat actors and methods, vulnerabilities, and control gaps.
Success in this role requires collaborating with multiple levels of IT and business personnel, and at times third-party organizations. This position requires strong project management, communication (written and verbal), analytical, and troubleshooting skillsets to facilitate cross-functional engagements and execution of various assessments, control testing, awareness & education initiatives, and the development of policies, standards, and guidelines.
The position supplies the information necessary to manage the risk to the organization ensuring business alignment, effective governance, and system availability, integrity, and confidentiality.
Core Responsibilities
Review, assess, and monitor security compliance programs against security policies, standards, and frameworks such as SOC2, ISO 27000, NIST CSF, etc.
Support the establishment, execution, and maintenance of the cybersecurity GRC program.
Facilitate the implementation and execution of the cybersecurity third-party risk management (TPRM) program.
Conduct periodic and ad hoc cybersecurity and vendor risk assessments over new and existing services and technologies.
Develop and execute qualitative and quantitative risk analyses in alignment with industry-standard risk management frameworks to understand business impact and likelihood of realization, and to prioritize risk.
Aid in documenting and maintaining identified risks in a risk register within the GRC system.
Communicate risk assessment findings to cross-functional risk owners and stakeholders through the establishment and facilitation of various reports, dashboards, and presentations to inform risk-based decision making.
Support and provide consultative advice in the identification of opportunities and solutions to improve risk posture, the development of response and mitigation plans, and the coordination/tracking of improvement and response activities with owners to completion.
Support documentation management such as security policies, standards, processes, procedures, and data flows.
Coordinate policy exception management processes in relation to integrated risk management.
Lead evidence collection for external audits related to SOC2, ISO 27000, NIST CSF, etc.
Build and cultivate positive working relationships with stakeholders across various teams.
Qualifications
Bachelor's Degree from an accredited four-year college or university in cybersecurity, computer science, information technology, business, information security, or related field and 2+ years of cybersecurity or related IT risk management experience; or equivalent work experience in a cybersecurity or related IT field, preferably in cyber risk management.
2+ years of experience with cybersecurity frameworks and compliance standards such as NIST, ISO 27001, SOC2, etc. preferred.
2+ years of experience implementing or administering a GRC or IRM solution (e.g., ServiceNow, Archer, MetricStream) preferred.
Experience in coordinating and executing a third-party risk management lifecycle and solution.
Information security-related certifications such as CISSP, CISM, or CRISC are preferred.
Basic knowledge of security technologies such as firewalls, IDS, DLP, Vulnerability Scanners, etc.
Ability to develop security standards and guidelines based on best practices and industry standards.
Excellent interpersonal, communication, and presentation skills, including formal report-writing experience.
#remote
EEO/AA Information
Smithfield is an equal opportunity employer committed to workplace diversity. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, protected veteran status, status as a disabled individual or any other protected group status or non-job characteristic as directed by law.
If you are an individual with a disability and would like to request a reasonable accommodation for any part of the employment selection process, please call us at 757-357-1595.