Cracker Barrel is looking to add to the Cyber Security team. This person will manage and provide leadership and direction for the company's Information Security Governance Risk & Compliance (GRC) program. This manager will be responsible for enhancing and maintaining Cracker Barrel's existing GRC program, as well as for developing and managing an enterprise-wide information security risk program.
Establish and maintain a strategy for managing security-related audits, compliance checks and external assessment processes for auditors, including but not limited to, Health Information Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI) and other applicable industry standards.
Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
Maintain a high degree of knowledge of current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
Rebuild and maintain company policies, controls, and standards.
Create mechanisms and reports to ensure the Cybersecurity program has ample oversight.
Develop and maintain a Vendor Risk Management program, ensuring all business units follow and uphold process rigor.
Influence and validate metrics used in assessment of security program success and report them regularly to security and business leadership.
Drive ongoing security maturation program, where areas of strength are amplified and areas needing improvement are documented.
Demonstrated leadership experience and thorough understanding of various regulatory requirements and laws such as, but not limited to, PCI, SOX, HIPAA, and CCPA.
Proven understanding of business focus and processes, and ability to inject cybersecurity into the business through teamwork and influence.
Strong team and organizational management skills, and track record of delivering GRC projects under tight deadlines.
Demonstrated project management, multitasking and organizational skills.
Education & Certifications
10+ years' experience in cybersecurity in one or more roles, including security analyst, compliance and regulations, risk management or audit.
At least 2 years of management experience in Security.
Preferred certification in CISSP, CISM, CISA, CRISC, GSLC, or other system security certification.
NOTE: Racism, either overt or perpetuated through unconscious bias, has no place at Cracker Barrel Old Country Store, and both our Mission and People Promise are firmly rooted in the principle of valuing what everyone brings to the table. Our employees work hard to ensure that our brand, which is grounded in genuine hospitality and nostalgia, represents only what is good about those things. While our décor and food may harken back to earlier times, our inclusive culture and beliefs about equality and diversity do not.
Street 2: 307 Hartmann Drive
Street: Home Office
External Company Name: Cracker Barrel Old Country Store, Inc.
External Company URL: www.crackerbarrel.com
In compliance with federal and state equal employment opportunity laws, qualified applicants are considered for all positions without regard to race, color, religion, sex, sexual orientation, genetic information, national origin, age, marital status, medical condition, disability or any other class expressly protected by law. Qualified applicants are considered for employment according to the laws of the respective state of employment. If you feel this policy has been violated, you may report such instances to the Employee Relations Department online (http://www.crackerbarrel.com/contact-us/employee/) or toll free at 1 800-333-9566.
Cracker Barrel does not unlawfully discriminate in hiring. If you are interested in applying for a position and need a reasonable accommodation during the application process, please contact (1-800-333-9566) so that we can work with you to reasonably accommodate you. Note that individuals who have any hearing impairment will be reasonably accommodated in the application process.