Perdue Farms, Inc. Senior Information Security Analyst - Supplier Risk Management (REMOTE) in Baltimore, Maryland
Perdue Farms is a family-owned food and agriculture company heading into its second century of growth and innovation. We were founded on trust—a value that carries through everything we do. Perdue Foods is a leader in Premium Proteins and Perdue AgriBusiness ranks among the top US grain companies.
Perdue Farms is looking for a Sr. Information Security Analyst to run and enhance our supplier security risk program. In this role you will be responsible for identifying key suppliers and conducting supplier assessments to ensure adequate protection of Perdue’s data. You will work closely with risk management, legal, procurement, and supplier managers to identify and mitigate security risk associated with suppliers.
This opportunity can be remote but the candidate MUST live within 4 hours of driving distance to Salisbury, MD. Ideal locations would be Baltimore/DC Metro Area, Philadelphia, Norfolk/Virginia Beach, or Richmond, VA. Must be able to travel to Corporate HQ as business needs arise.
Relocation will be offered should the candidate want to relocate to Salisbury, MD.
Principal and Essential Duties & Responsibilities
Enhance and run supplier security program to catalogue, assess, track, and reduce risk associated with suppliers having access to Perdue’s data and systems.
Manage distribution and perform review of supplier questionnaires and associated documentation (e.g. SOC 2 Type 2) in support of identifying and evaluating security risk.
Provide reporting of assessment findings and recommendations for improvement to supplier and internal business areas.
Assist with selecting and running a governance, risk and compliance (GRC) software platform for maintaining and supporting a supplier security program.
Monitor and track remediation activities to address weaknesses and issues discovered through security reviews or audits of vendors.
Assist with review of vendor security agreements, security exhibits, and contractual language for protecting Perdue’s data and systems involving suppliers.
Maintain visibility and address supplier breach notifications with Perdue’s Incident Response team to understand impact and mitigations.
Minimum Education and Experience
Bachelor’s degree in Information Systems, Cyber Security, Computer Science or related discipline is preferred, however, equivalent years of experience may be considered in lieu of educational requirements.
A minimum of five (5) years of Information Technology experience, with at least three (3) years within Information Security.
Understanding of industry control frameworks and standards, NIST CSF, NIST 800, ISO 27000, CIS, PCI-DSS.
Knowledge of common security risks, vulnerabilities, and threats.
Able to conduct risk analysis, provide guidance on risk treatment.
Able to discuss issues at technical and business levels with audiences of various backgrounds.
Preferred Certifications: CISSP, CRISC, CISM and/or CISA
Excellent interpersonal skills, self-confident, motivated, and capable of working with limited supervision.
A critical problem solver, detail-oriented, and self-starter with a passion for constant learning and improvement.
Able to communicate relevant information clearly and concisely, both verbally and in writing.
Have great people skills and be able to flourish under pressure and ambiguity in a fast-paced team environment.
Perdue Farms, Inc. is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.