Safeway

Sr. Staff Cyber Security Analyst

Safeway, Pleasanton, California, United States, 94566


Overview

Lead Sr. Tech and Engineering Recruiter | AI | eCommerce | Digital | Cloud | Cyber Security | Supply Chain Tech

Responsibilities

- Support execution of the information security controls testing program, including planning, fieldwork, analysis, and reporting for various control types (technical, administrative, physical).
- Develop and document detailed test plans and methodologies to assess the design and operating effectiveness of security controls against established frameworks (e.g., NIST CSF, ISO 27001, CIS Controls).
- Identify control deficiencies, analyze root causes, and propose practical remediation recommendations to control owners and other stakeholders.
- Lead the development and implementation of a formal enterprise risk management (ERM) program, including risk definition, identification, assessment, and treatment processes.
- Facilitate risk treatment discussions to capture remediation plans, enabling timely and effective closure of identified risks.
- Contribute to the development and maintenance of GRC policies, standards, and procedures, ensuring alignment with regulatory requirements and industry best practices.
- Assist in the preparation for, and execution of, external audits and assessments.
- Develop and deliver training and awareness materials on GRC principles and practices to various audiences.
- Leverage GRC tools and technologies to streamline and automate GRC processes, including controls testing and risk management.
- Stay abreast of emerging threats, vulnerabilities, and regulatory changes impacting the information security landscape.
- Mentor and provide guidance and training to less experienced staff as a subject matter expert.

Information Security Skills And Experience

You are a self-starter capable of prioritizing, developing, and executing controls testing plans with limited supervision. You can interpret and contextualize control objectives to analyze their efficacy given a wide variety of technologies and business processes. You possess strong conceptual thinking and have excellent communication skills. You can articulate risk and controls concepts to a wide variety of audiences. You have working knowledge of industry standard controls frameworks (e.g., NIST CSF, CIS Controls, ISO 27001). You have a strong understanding of technology risk, information security fundamentals, defense-in-depth practices, risk assessment fundamentals, and risk management practices. You are capable of articulating risk in business-impact terms. You understand network, cloud, and application security principles and have experience with controls approaches addressing various risks in all domains. You have a strong desire to continually learn about new technologies.

Key Success Criteria

- Successful and timely execution of the controls testing plan, with clear identification of control gaps and actionable remediation plans.
- Establishment of a foundational enterprise risk register with clearly defined risks, assessments, and ownership.
- Demonstrated improvement in the maturity of internal controls testing processes and documentation.
- Positive feedback from internal stakeholders on the clarity, effectiveness, and constructive nature of GRC engagements.
- Development of clear and concise reporting on control effectiveness and risk posture for management review.
- Proactive identification and escalation of potential security risks and control weaknesses.
- Effective collaboration and communication with IT, business units, and other relevant departments.
- Contributions to the enhancement of GRC policies, standards, and procedures that are practical and effective.
- Mentorship of junior team members, fostering their growth and development.
- Positive contributions to the overall security culture and awareness within the organization.

The position will be based in Pleasanton, CA or Boise, ID.

We Are Looking For Candidates Who Possess The Following

- Bachelor's degree (Computer Science, Information Systems, or a related field) or equivalent practical work experience
- 10+ years of professional cybersecurity experience focused on executing controls testing, risk assessments, and remediation plan development
- Proven experience in developing and implementing internal controls testing programs
- Demonstrated experience in building and maturing risk management frameworks
- Professional certifications desired (CISSP, CRISC, CISM, CISA, etc.)
- Strong analytical and problem-solving skills
- Excellent written and verbal communication skills, with the ability to present complex information clearly and concisely to various audiences
- Experience with GRC platforms and tools (e.g., RSA Archer) is highly desirable
- Familiarity with scripting languages (e.g., Python, PowerShell) for automation is an advantage

We Also Provide a Variety Of Benefits Including

- Competitive wages paid weekly
- Associate discounts
- Health and financial well-being benefits for eligible associates (Medical, Dental, 401k and more!). For eligibility requirements please visit myACI Benefits
- Time off (vacation, holidays, sick pay)
- Leaders invested in your training, career growth and development
- An inclusive work environment with talented colleagues who reflect the communities we serve

Salary and Additional Information

The salary range is $157,900 to $205,300 annually. Starting salary will vary based on location, experience, and qualifications. There may be flexibility for exceptional candidates. A copy of the full job description can be made available to you.