Senior Cybersecurity Risk Analyst
Salisbury, MD, US, 21804
Perdue Farms is a family-owned food and agriculture company now in its second century of growth and innovation. We were founded on trust—a value that carries through everything we do. Perdue Foods is a leader in Premium Proteins and Perdue AgriBusiness ranks among the top US grain companies.
Summary
Perdue is seeking a Sr. Cybersecurity Risk Analyst to join our Information Security team. This position will actively contribute to the ongoing maturation of the company's information security program through executing security assessments, guiding secure technology implementations, and mitigating cyber risk. The ideal candidate will have a technical or cybersecurity background (e.g. security operations, security engineering) and be able to effectively lead and advise on cybersecurity implementation, assessments, and cyber risk reduction strategies for IT and business initiatives.
The salary range for this position is $97,000 - $145,000 per year, based on experience and qualifications with annual bonus available (variable depending on performance).
In addition to the base salary, Perdue offers a competitive benefits package, including medical/Rx, 401(k) with employer match after 1 year, critical illness, accident insurance, dental, vision, life insurance, optional group life insurance, short-term and long-term disability protection, flexible spending accounts and paid time off.
Principal and Essential Duties & Responsibilities
- Create and maintain partnering relationships with business leaders and managers to advise on cybersecurity requirements for project implementation and execution.
- Manage and guide IT and business areas on technical remediations stemming from vulnerability assessments, pen tests, application security assessments, audit, etc., providing prioritized remediation efforts.
- Provide input into cybersecurity strategies and plans based on evolving technology risk and business initiatives stemming from security assessments and industry requirements.
- Lead cybersecurity projects for identifying and mitigating risk (maturity assessment, cyber controls assessment, PCI-DSS, HIPAA, etc.) as needed.
- Provide and assess the security of third-party solutions and supplier integrations; recommend appropriate security controls and contractual language.
- Track, measure, validate, and report on risk identification, acceptances, and remediation efforts.
- Maintain information security policies and standards to support the on-going protection and security requirements for the organization.
- Support CSIRT and cybersecurity operations teams during tabletop exercises, incident response, legal request, and internal investigation as needed based on aligned business/IT areas.
Minimum Education and Experience
A Bachelor’s degree in Information Systems, Cyber Security, Computer Science or a related discipline is preferred; however, equivalent years of experience may be considered in lieu of educational requirements. A minimum of seven (7) years of Information Technology experience is required, with at least three (3) years within Information Security.
The ideal candidate will also have:
- Previous experience in one of the following domains: cybersecurity operations, architecture, or engineering.
- Experience engaging vendors and consultants to execute cyber assessments.
- Working knowledge of industry control frameworks and standards: NIST CSF, CIS, OWASP, and MITRE ATT&CK.
- Proficiency in information security domains, including risk and control assessments, policies and standards, secure systems development lifecycle, regulatory compliance, access controls, incident management, vulnerability management, and data protection.
- Understanding of cyber security threat modeling, risk management concepts, cyber security frameworks, secure coding principles, and security technologies.
Experience Preferred
- CISSP, CISM, CRISC, GSEC, GCIH, Security+, etc.
- Prior experience working in manufacturing, retail, medical, energy, finance, food, consumer goods or pharmaceutical industries.
- Experience with one or more of the following industry regulations: PCI-DSS, HIPAA, DHS-CFATS.
Environmental Factors and Physical Requirements
The environmental factors and/or physical requirements of this position include the following:
Ability to work in an open-partitioned cubicle environment.
Ability to communicate via telephone.
Ability to support off-hours for problems and staffing coverage.
Ability to operate a computer terminal and a workstation, using keyboard, mouse and reading a monitor.
Ability to remain stationary for up to 7.5 hours a day or more.
Ability to travel, possibly overnight, to any customer area, which could be any Perdue facility or to a remote site for disaster recovery or training.
Ability to carry or transport hardware/software up to 30 lbs. Must be able to implement hardware.
Ability to climb stairs/ladder, work in parts of the building/facility which house the wiring infrastructure to review, test or implement computer products/services.
Perdue Farms, Inc. is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.