Sr. Manager, Governance, Risk, & Compliance

SPT - Grand Rapids Service Center, United States

SpartanNash

SpartanNash (Nasdaq: SPTN) is a food solutions company that delivers the ingredients for a better life through customer-focused innovation.


At SpartanNash, we deliver the ingredients for a better life through customer-focused innovation. We do this for our supply chain customers and U.S. military commissaries, retail store guests and, most importantly, our Associates. In fact, we see a day when each will say, “I can’t live without them.”

Our SpartanNash family of Associates is 20,000 strong, ranging from bakery managers to order selectors; from IT developers to vice presidents of finance; from HR Business Partners to export specialists. Each of them plays an integral role in SpartanNash’s People First culture, Operational Excellence and Insights that Drive Solutions. Ready to contribute to the success of our food solutions company? Apply now!

Location:

850 76th Street S.W. - Byron Center, Michigan 49315

Job Description:

Position Summary:

This role is responsible for supporting the security direction of the business and elevating the company’s security posture. The role oversees the business’ security requirements and obligations mandated by standards and regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), Health Information Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). 

Here's what you’ll do: 

  • Lead a team of GRC Analysts to conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security, and maintain oversight in a GRC-related platform.

  • Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks. 

  • Maintain strong oversight of third parties, vendors, and partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered. 

  • Analyze findings, and document, recommend and report program gaps to security leadership. 

  • Work in tandem with security and audit leadership to perform ongoing security program assessments and participate in the creation of annual strategic technology and budgetary directives. 

  • Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. 

  • Support audit practices and processes and work with the IT organization to ensure findings are remediated. 

  • Work closely with legal, audit, and security leadership to ensure cybersecurity policies and practices are created, documented, implemented, measured and aligned within an appropriate level of risk. 

  • Create, implement and measure procedures to support Cybersecurity policies and practices. 

  • Enforce a strong security culture mindset set forth by risk management, ensuring uniformity across technical teams, business units, and employees. 

  • All other duties as assigned.

Here’s what you’ll need: 

  • At least 8 years of IT or cybersecurity experience (or IT coupled with cybersecurity), with at least two years in an operationally focused IT Assurance or security practitioner role. 

  • Experience with Payment Card Industry (PCI) assessments, PCI-P certification preferred. 

  • Strong experience with the NIST CSF and Risk Management Framework (RMF).

  • Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and a security-first culture. 

  • High level of integrity, trustworthiness, and confidence to represent the company and risk management leadership with the highest level of professionalism. 

  • Experience with creating and maintaining cybersecurity policies and assessing organizations using a standard security framework. 

  • Demonstrated knowledge of operating systems, networking, security concepts, cybersecurity regulations, and best practices. 

  • Excellent analytical, problem-solving, troubleshooting, and decision-making skills.

  • Excellent organization, prioritization, and attention-to-detail skills.

  • Ability to lead projects and provide work direction to others.  

  • Must be able to work independently and in team settings.  

  • Highly organized, detail oriented, with excellent written and verbal communication skills. 

  • CISSP, CISM, or CRISC are preferred but not required. 

  • At least 3 years of team leadership experience is required. 


Physical Requirements: 

The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 

May be required to lift and/or move 20 pounds. The associate is frequently required to sit/stand/walk. While performing the duties of this position, the associate is subject to a typical office environment and is rarely exposed to outside weather conditions. Temperatures may vary for those subject to any of the following areas (computer/server room, print shop, production area). The noise level in the work environment is usually low to moderate but may be high in distribution settings. Travel requirements vary by assignment.

As part of our People First culture, SpartanNash is proud to offer a robust and competitive Total Rewards benefits package.

SpartanNash is an Equal Opportunity Employer that invests in Associate development, recognizes and celebrates success, fosters two-way communication, and promotes a sense of belonging. We are committed to providing equal employment opportunities to all individuals, including those with disabilities and Veterans. 

We are not able to sponsor work visas for this position.
