Requirements: As a retail grocer, we operate seven days a week and 365 days a year, and as such, work in support of our stores may include evening and weekend hours per the needs of the business. A valid driver's license and vehicle are required, as well as the ability to travel regularly to store locations, trade shows/events, and/or other offsite locations throughout the local region.
About the role: The IT Security Analyst is responsible for ensuring our security controls are appropriate, effective, and efficiently managed. This role is critical to helping us to understand, manage and mitigate our information security risks. This individual will work closely with infrastructure, application, and risk teams to validate that new technology conforms to company security guidelines. The individual must be a self-starter interested in working in a busy and dynamic environment where quality, attention to detail, customer service, and a professional manner are essential values. The ideal candidate is resourceful, responsive, analytical, and enjoys quantitative problem solving, metrics and research.
General Requirements:
- Understands and models our company culture. Acts as a steward of company resources, mission, vision, and values. Promotes sustainable business practices.
- Delivers exceptional service and demonstrates friendly and attentive behaviors with internal and external customers.
- Embraces an agile work environment and guides others through change and continuous improvement.
- Works in stores and other offsite events and locations as needed to support our core business and community.
- Works cooperatively and positively with fellow team members, customers, and vendors, creating a respectful workplace where everyone is welcome.
- Demonstrates ability to manage own time and models a flexible work style. Shifts tasks as priorities and circumstances change based on needs and conditions of department. Creative with problem-solving and is solutions-oriented.
- Communication style is confident, informative, adaptive to different styles and effective.
- Gives and receives feedback constructively, demonstrating the company's Speak Up culture. Responds to feedback to improve performance.
- Maintains confidentiality and exercises good judgment around sensitive information.
- Adheres to work and food safety policies set forth by the company and all local, state, and federal regulatory agencies. Contributes to store and office cleanliness and maintains equipment.
- Observes all company rules and policies. Understands and complies with specific department or location guidelines, tasks, and responsibilities.
Position Responsibilities:
- Administering and operating assigned security controls (hands-on)
- Overseeing the operation of security controls assigned to others
- Assessing and improving our controls on a framework and individual system basis
- Identifying and implementing hardening standards
- Participating in cross-functional design and development meetings
- Performing and facilitating application threat modeling, architecture reviews, risk assessments, and similar activities as required.
- Identifying and communicating applicable security requirements
- Collaborating with business and development partners to find solutions when unacceptable risks are identified.
- Communicating risks so business owners have what they need to make risk-informed decisions
- Enabling well-informed decision-making by effectively communicating risk to both technical and business stakeholders.
- Maintaining and expanding our IR plans, processes, and procedures
- Performing and delegating routine IR lead activities
- Determining when additional internal or external resources are necessary, and bringing them to bear
- Identifying, communicating, and applying "lessons learned" after each incident
- Working closely with IT compliance and other stakeholders to identify and prioritize roadmap items
- Defining security initiatives and resource requirements
- Helping plan yearly budgets
- Publishing the roadmap and communicating progress
- Participating in sprint planning and similar activities
- Maintaining accurate and current documentation of all systems.
- Weekend, holiday, and overnight project work may be required.
This job description is not meant to be an all-inclusive list of duties, responsibilities and requirements. Still, it constitutes a general definition of the position's scope and function within our company. Good Food Holdings reserves the right to amend and change duties, responsibilities, and requirements to meet changing industry or business needs as necessary.
What you Bring as a Candidate:
The requirements below represent the required knowledge, skill, and ability. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Prior experience includes operating and overseeing standard security controls, including two or more of the following:
  - Email security gateways (Mimecast, ProofPoint, etc.)
  - Centralized endpoint protection (TrendMicro, Sophos, etc.)
  - Vulnerability management (R7, Qualys, etc.)
  - WAF and Network Firewalls (Imperva, AWS, Fortigate, PAN, etc.)
- Prior experience includes being responsible for any mix of the following:
  - Threat modeling
  - Risk assessments
  - Security reviews
  - Secure system design
  - Incident Response
- Additional experience with:
  - Routinely performing incident response activities in a SOC or similar environment
  - Serving as an incident response lead, documenting incident-specific procedures, and automating routine tasks
  - Managing an incident response program, facilitating table top exercises, and end-to-end responsibility for ensuring incident response plans are faithfully executed.
- Work experience in a retail environment is a plus
- Experience with PCI concepts is a plus.
- Ability to discuss technical and non-technical requirements, issues, and processes with internal team members and vendors is required. Can write business requirements and system requirements.
- Must have exceptional analytical and organizational skills and know how to prioritize work. There are many tasks to accomplish, most of which have strict, unmovable deadlines; thus, the individual can work under pressure and meet deadlines successfully while not sacrificing the quality of the tasks performed.
- Flexible and adaptable with regard to learning and understanding new technologies.
- Highly self-motivated and directed.
Physical Demands
The physical demands described here are representative of those that must be met by an employee to perform the essential functions of this job successfully. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. While performing the duties of this job, the employee is frequently required to sit and talk or listen. The employee will likely sit for extended periods and need the ability to type and use computers on a regular basis. The employee may occasionally lift and move up to 25 pounds and occasionally lift and move up to 50 pounds. Specific vision abilities required by this job include close vision and daily viewing of computer monitors. The noise level in the office environment is usually quiet, while the noise level in the stores can occasionally be loud.
Travel
Travel for this position is up to 25% of the time.
Job Type: Full-time
Pay: $95,000.00 - $115,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee discount
- Flexible schedule
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Referral program
- Retirement plan
- Vision insurance
Schedule:
- 8 hour shift
- Monday to Friday
Experience:
- Information security: 2 years (Required)
Ability to Commute:
- Portland, OR 97214 (Required)
Work Location: In person