Job Description
Flexible Work Policy: The work for the Lead IT Compliance Analyst position is completely remote anywhere in the United States except Hawaii or United States Territories.
RESPONSIBILITIES
• Lead and manage the organization's annual PCI DSS compliance program, including evidence collection, gap remediation, and annual assessment submission.
• Serve as the primary point of contact for SOX ITGC audits, working closely with Internal Audit and External Audit teams to ensure timely and accurate responses.
• Support compliance with HIPAA, CPRA, and CMMC by maintaining documentation, tracking regulatory changes, and coordinating with legal and privacy teams.
• Respond to data privacy and compliance-related inquiries, including customer assessments and regulatory requests.
• Understand and articulate the impact of regulations on IT value streams and help develop efficient/effective solutions to ensure compliance.
• Collaborate with IT, Security, and Business stakeholders to ensure compliance controls are embedded in technology processes and projects.
• Track and report on compliance metrics, issues, and remediation efforts to leadership.
• Support third-party risk assessments and vendor compliance reviews.
• Promote a culture of compliance and accountability across the organization.
• Stay abreast of proposed and new regulatory compliance requirements and changes by engaging in the industry and with internal experts and by understanding US Foods products and processes.
• Conduct assessments of technology systems and processes to identify areas of risk and develop remediation plans.
• Participate in internal and external audits and assist with the resolution of any audit findings.
• Provide training and guidance to technology teams on compliance requirements and best practices.
RELATIONSHIPS
• Internal: Information and Cyber Security Team, Digital Commerce, Internal and External Audit, Security Engineering, Security Architecture, Cloud/DevSecOps, Data, IT PMO, and Product Teams.
• External: Regulatory and compliance organizations and auditors, External Legal Counsel, and technology vendors, including software and service providers, relevant managed security services, and professional services vendors.
WORK ENVIRONMENT
• Remote: This role is fully remote, and the associate is expected to perform assigned responsibilities from a home-based environment.
MINIMUM QUALIFICATIONS
• At least 5-6 years of information security experience in one or more roles in GRC, Compliance, Risk, Third Party Risk Management, or IT Audit.
• Broad foundational knowledge across many information and cyber security domains, with priority given to regulatory compliance.
• Demonstrable experience in building positive working relationships with leaders and associates across multiple areas of the business.
• Must have the ability to work independently and make decisions that reflect the policies of the Information and Cyber Security Team.
• Experience with compliance requirements (PCI, CPRA, HIPAA, SOX, etc.).
• Familiarity with security frameworks such as NIST CSF, ISO 27001, and CIS.
• Ability to effectively communicate business risk and information security concepts to audiences of varying technical acumen through multiple communication channels.
• Experience measuring and tracking cybersecurity risks, issues, and exceptions.
• Ability to advise, collaborate, and work in a team environment, enabling others to trust and grow their skills and competencies.
• Ability to influence without authority to drive desired outcomes.
• Experience executing security compliance plans, vulnerability management programs, the risk management lifecycle, and/or security assessment/governance processes.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Proactive self-development, staying current on the evolving threat landscape, security trends/best practices, and dynamic regulatory requirements.
• Experience developing, measuring, and tracking key performance metrics, preferably in a cybersecurity program.
• Strong written and verbal skills enabling effective communication with different levels of leadership.
• Highly organized and efficient, with close attention to detail.
EDUCATION
• Bachelor's degree from an accredited college/university; Master's degree preferred.
CERTIFICATIONS/TRAINING
• Preferred but not required: SANS GSEC, GCIA (or related), CISSP, ISACA certifications (e.g., CISA, CISM, CRISC).
This role is also eligible for an annual incentive plan bonus.
Benefits for this role may include health insurance, pre-tax spending accounts, retirement benefits, paid time off, short-term and long-term disability, employee stock purchase plan, and life insurance.
To review available benefits, please click here: https://www.usfoods.com/careers/benefits.html