Cybersecurity Risk Analyst - GRC, Security Awareness, ITGC

Salisbury, MD, US, 21804

Perdue Farms


Perdue Foods is part of Perdue Farms, a family-owned company heading into its second century of growth and innovation. With a goal of becoming the most trusted name in premium proteins, we create products for consumers and for retail and foodservice customers around the globe, while changing the way animals are raised for food.

Summary

We are seeking a skilled and proactive Cybersecurity Risk Analyst to join our growing cybersecurity and risk management team. This role will focus on Cybersecurity Governance, Risk, and Compliance (GRC), security awareness, and IT General Controls (ITGC). The ideal candidate will have a strong understanding of risk management frameworks, cybersecurity controls, and regulatory compliance requirements, and will play a pivotal role in ensuring our organization maintains a robust cybersecurity posture while enhancing and promoting a culture of cyber awareness.

 

The salary range for this position is $73,000 - $109,000 per year, based on experience and qualifications, with an annual bonus available (variable depending on performance).

In addition to the base salary, Perdue offers a competitive benefits package, including medical/Rx, 401(k) with employer match after 1 year, critical illness, accident insurance, dental, vision, life insurance, optional group life insurance, short-term and long-term disability protection, flexible spending accounts and paid time off.

Principal and Essential Duties & Responsibilities

  • Conduct regular risk assessments to identify, evaluate, and prioritize cybersecurity risks to the organization’s information assets.
  • Monitor and report on compliance with internal security controls and external regulatory requirements.
  • Assist in the implementation and management of GRC tools and platforms for risk identification, assessment, and mitigation tracking.
  • Assist in Third Party Cyber Risk reviews and documentation of controls as needed.
  • Develop and implement a comprehensive security awareness training program for employees to promote a culture of cybersecurity across the organization.
  • Conduct regular phishing simulations, security drills, and educational sessions to enhance employee understanding of potential cyber threats.
  • Measure the effectiveness of training and awareness programs through metrics and analytics, refining content and outreach strategies as needed.
  • Support ITGC testing and documentation to ensure systems and processes meet compliance standards and internal control requirements.
  • Participate in internal audits and control testing activities to verify the adequacy of IT controls.
  • Assist in the preparation and execution of SOX audits, focusing on IT and cybersecurity-related controls and processes.
  • Collaborate with auditors and internal stakeholders to ensure timely resolution of any SOX-related findings.

Minimum Education

  • Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field.

Experience Requirements

  • 3-5 years of experience in cybersecurity, risk management, or compliance, with a focus on GRC, ITGC, SOX, and security awareness.
  • In-depth knowledge of risk management frameworks and industry standards (e.g., NIST, ISO 27001, COBIT).
  • Strong understanding of IT General Controls, SOX compliance, and related cybersecurity frameworks.
  • Experience developing and implementing security awareness training programs.
  • Knowledge of industry regulations and standards such as HIPAA, PCI-DSS, GDPR, and others.

Experience Preferred

  • Certifications such as CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), or CISSP (Certified Information Systems Security Professional).

Environmental Factors and Physical Requirements

The environmental factors and/or physical requirements of this position include the following:
  • Ability to work in an open-partitioned cubicle environment.
  • Ability to communicate via telephone.
  • Ability to support off-hours for problems and staffing coverage.
  • Ability to operate a computer terminal and a workstation, using keyboard, mouse and reading a monitor.
  • Ability to remain stationary for up to 7.5 hours a day or more.
  • Ability to travel, possibly overnight, to any customer area, which could be any Perdue facility or to a remote site for disaster recovery or training.
  • Ability to carry or transport hardware/software up to 30 lbs. Must be able to implement hardware.
  • Ability to climb stairs/ladder, work in parts of the building/facility which house the wiring infrastructure to review, test or implement computer products/services.

 

 

Perdue Farms, Inc. is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.


Tags: Analytics Audits CISA CISM CISSP COBIT Compliance CRISC GDPR Governance HIPAA ISO 27001 NIST Risk assessment Risk management SOX Travel

Perks/benefits: 401(k) matching Competitive pay Flex hours Flex vacation Health care Insurance Salary bonus Team events

Region: North America
Country: United States
