Job Detail

Security Analyst- Governance, Risk & Compliance - The Fresh Market
Greensboro, NC
Posted: Oct 05, 2022 06:26

Job Description

Our mission is to make everyday eating extraordinary for our guests. We create a warm, welcoming, memorable experience with exceptional, personal service. We're looking for a new team member who strives for excellence and brings positive energy, commitment, and a "can-do" attitude to work every day. We value teamwork and celebrate our successes as a team and will value your contribution!

Added Benefits for choosing The Fresh Market Team:

  • Team member discount up to 40%

  • Health, Dental & Vision insurance available for individual, spouse, partner, and family.

  • And much more!

  • 401K contribution and match for part-time and full-time team members.

  • Personal time off and additional time off purchase plans available

The Fresh Market is seeking a Security Analyst to join our EIS Team at our Store Support Center (099). The Security Analyst will deliver accurate information about information security risk that will be used to inform executive management and the board of directors, and drive execution on addressing information security risk to levels acceptable to the company. This includes managing TPRM through GRC tools, reviewing vendor compliance reports (e.g. SOC 2), and requesting, reviewing and rating vendor security questionnaires. You'll be responsible for improving and maturing the program along industry best practices: writing new security policies as needed, submitting them to the security board for approval, and maintaining security policies to the requirements set forth by executive management. This role provides highly skilled project management, technical, risk management and information security expertise for development and implementation of the information security risk management program.

The Security Analyst, Governance Risk and Compliance reports to the Director of Information Security.


Risk Management

  • Lead and manage the system-wide risk management function of the information security program to ensure information security risks are identified and monitored. Update and manage TFM's risk register, working with stakeholders to ensure that appropriate priority is driven to manage documented risks.

  • Track identified information security risks through the risk management process including risk identification, analysis, decision-making, treatment planning and tracking.

  • Lead and manage the third-party risk management function of the information security risk management program to ensure vendor security risks are identified and monitored.

  • Use established methods to assess risk both qualitatively (impact/probability) to establish a risk rating and quantitatively to show the impact in dollars of a realized risk (SLE/ALE), and to determine the cost of addressing risk such that residual risk is at an acceptable level.

  • Contribute to security architecture, monitoring and risk handling by evaluating and making recommendations to management regarding the adequacy of the security controls for TFM's information and technology systems.

Policy/Compliance

  • Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.

  • Develop and implement effective and reasonable information security and privacy policies aligned with adopted and approved frameworks. Present new and changed policies to the information security board for approval and once approved, communicate to the company.

  • Execute strategy for managing compliance with the following or similar frameworks: PCI DSS, NIST-CSF, SOC-2, HIPAA, and one or more privacy frameworks (SOC-2 TSC for privacy, NIST-Privacy, ISO 27701)

Security Awareness

  • Manage and improve TFM's security awareness program, ensuring that effective ongoing training is made available at the right level of depth for the right groups/roles within the company. Track and be able to report on and prove the level of compliance ensuring that it meets TFM's stated policy and the requirements of adopted compliance frameworks.

  • Communicate the value of security awareness on an ongoing basis. Conduct security tests, report results and recommend appropriate remedial training for test failures.

Industry Knowledge

  • Can demonstrate advanced knowledge of the business of IT in a large corporate environment. Experience delivering or contributing to solutions within infrastructure, application development, DevOps, operations, program management / project management, change management, business continuity and / or incident response.

Audit

  • Perform as audit liaison between IT and auditors for any external audits. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective reflective of TFM's culture. Provide guidance, evaluation and advocacy on audit responses.

  • Conduct periodic self-assessments against stated policy and adopted frameworks to ensure compliance is being maintained at all times.

Leadership and Teamwork

  • Recommend and deliver on programmatic and technical directions and operate with a high degree of independence in matters regarding information security risk management.

  • Operate with a high degree of independence with regard to project management activities, including development of project plans, communicating and collaborating with stakeholders.

  • Ability to build a network among peers and upper management for mutual contribution and achievement of goals.

  • Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner.

  • Coordinate the adoption of information security best practices throughout the enterprise.

  • Bachelor's Degree required with significant course work in Risk Management, Cybersecurity or an IT discipline.

  • Minimum 6 years of combined experience in Information security, compliance, technology audit, or a related field.

  • Minimum of 3 years working on or leading an information security risk management program or team in positions of increasing responsibility.

  • Minimum of 2 years' experience working with one or more of the following frameworks: PCI, NIST-CSF, SOC 2, ISO 27001.

  • Minimum of 1 year's experience using an IRM/GRC tool (e.g. Archer, Resolver, Ostendio) to administer and maintain an information security risk management program.

  • Minimum of one of the following security certifications: GRCP, CRISC, PMI-RMP, CISSP, CRMA, CASP+

  • Experience working within a hybrid on-prem / cloud IT environment.

  • Strong written and verbal communication skills.

  • Experience working in a collaborative team environment.

  • Experience with OCTAVE, FAIR, NIST-RMF is preferred but not required.

REASONABLE ACCOMMODATIONS: Consistent with applicable laws, TFM will make reasonable accommodations for qualified applicants and team members, unless doing so would result in an undue hardship to TFM. This guiding principle applies to all aspects of employment, including hiring and job assignment, compensation, discipline, termination, and access to benefits and training.

At The Fresh Market, we have a COVID-19 vaccination policy that requires all Store Support Center Team Members to be fully vaccinated absent an approved religious or medical accommodation by the company.

Qualified applicants will receive consideration for employment without regard to race, color, creed, religion, age, sex, gender, sexual orientation, gender identity, pregnancy and related medical conditions, national origin, genetic information, uniformed service, veteran status, disability, or any other basis prohibited by federal or state law.

The statements in this job description are provided to describe the general nature and level of work expected in this role. While these statements include the essential functions of the job, they are not intended to be a complete list of all responsibilities, duties and skills required. As we work as a team, there may be times team members are needed to perform duties outside of their normal responsibilities based on business needs.

Requisition ID: 2022-81986

External Company Name: The Fresh Market Inc

External Company URL: www.thefreshmarket.com

Street: 300 N. Greene Street
