Position Title: Senior IS Policy & Governance Analyst
Location: Salisbury, NC
Leads the development and maintenance of the information security policy, communication, and information management programs by analyzing, implementing, and enforcing risk management, industry standard information security requirements and training program initiatives established by management. Leads the support, maintenance, and enhancements to the Governance, Risk, and Compliance system to meet business requirements and the strategic direction of Delhaize America.
Policy and Standards:
•Provides analytical support for the coordination, management and execution of security and information policy and standards programs.
•Provides analysis for the development of policies and standards for the implementation of information security measures at the application, infrastructure and network design level.
•Assists with integrating policy and standards in the business and IT operational models.
•Integrates with compliance and risk management functions to ensure that policy and standards are integral to compliance and risk analysis activities.
•Designs and develops comprehensive information security training, education and awareness programs that include regular updates, recertification, awareness campaigns and employee access to relevant training and awareness tools.
•Monitors training compliance and compiles management reporting for adherence to training and awareness requirements.
•Updates information security training and awareness content based on current risks, threats and enterprise strategies.
Information Management (eGRC):
•Develops applications that assess, measure, and communicate IT security related business risk using the eGRC Framework or additional tools and methodologies.
•Assesses application change requests, determines impact, and estimates work effort.
•Supports current eGRC implementation.
•Supports the development, monitoring, and analysis of information security metrics in support of business objectives.
•Supports the deployment of eGRC software upgrades and patches.
•Analyzes eGRC product roadmap and recommends Delhaize adoption and deployment strategies.
•Completes application configurations and minor customizations.
•Supports the insourcing of the IT infrastructure and source code deployment.
•Develops eGRC reports, operation metrics and customer requested reports.
•Serves as a subject matter expert (SME) on the eGRC platform.
•Bachelor's degree or equivalent work experience.
•Strong understanding of Information Security industry standards/best practices (e.g., NIST, PCI) along with and understanding of Information Security related laws and regulations (e.g., PCI, HIPAA, SOX).
•Proficient understanding of Information Security Policy and controls.
•Proficient understanding of Information Security related laws and regulations (e.g., GLBA).
•Proficient understanding of related information security technologies (e.g. Windows/Unix operating systems, authentication methods, firewalls, routers, web services, etc.)
•Analytical and detail oriented.
•Demonstrated experience supporting and configuring eGRC solutions.
•Practical Knowledge of Version 5.0 of the RSA Archer eGRC Platform, HTML and Data Feed configuration.
•Must be a self-starter, capable of focused research, collection and analysis of intelligence relevant to the retail industry and enterprise information security.
•Bachelor's degree in computer science, information systems or other related field.
•Excellent written and verbal communication skills.
•Project Management experience.
Skills and Abilities:
•Strong communication, facilitation skills, and strong time management skills.
•Works well both independently and in a team setting.
Delhaize America is a subsidiary of Delhaize Group, a Belgian-based international food retailer committed to offering customers a...