Cyber Security Compliance Analyst

Joining King's Hawaiian makes you part of our `ohana (family). We are a family-owned business for over seventy years, respecting our roots while thinking about our future as we continue to grow and care for our customers and the communities we serve. Our `ohana members build an environment of inclusivity as they freely collaborate, pursue learning through curiosity, and explore innovation as critical thinkers. Beyond that, we are also passionate about supporting the long-term health and well-being of our employees and their families. If you're excited to rise with our team, come and join our `ohana!
Working under general supervision, the Cyber Security Compliance Analyst will be responsible for monitoring, managing, and closing existing compliance issues while also ensuring that internal and external systems are compliant with security standards. In carrying out these functions, the Cyber Security Compliance Analyst's responsibilities include the identification, evaluation, and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks. Employees in this position may interact with their leader several times a week to receive guidance and feedback. Some non-routine activities may require their leader's advance approval, but routine decisions within the general scope of the role may be made independently.
ESSENTIAL JOB DUTIES AND RESPONSIBILITIES

• Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards in order to validate maintenance of secure configurations.
• Track enterprise compliance across multiple security frameworks including SOC 2, NIST and FISMA and maintain up-to-date records of requirements and corresponding mitigating controls.
• Monitor third-party risk assessments and lead internal risk assessments.
• Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
• Develop key performance metrics to track and ensure compliance with established policies and standards.
• Support development of security processes and procedures to ensure that security controls are managed and maintained.
• Research/evaluate emerging cyber security threats and ways to mitigate them.
• Support development of disaster recovery and contingency plans to be used in the event of any security breaches.
• Liaise with stakeholders in relation to cyber security issues and provide future recommendations.
• Assist with the creation, maintenance, and delivery of cyber security awareness training for employees.
• Meet Service Level Agreements for all incident or change tickets assigned to you within the service desk software.
• Perform other duties as required or assigned which are reasonably within the scope of this role.

BASIC QUALIFICATIONS (EDUCATION and/or EXPERIENCE)

• Bachelor's degree from an accredited 4-year college or equivalent relevant experience required ; with an emphasis in business preferred.
• Five (5) years' experience in a cyber security role with business and IT audit or compliance experience preferred
• Five (5) years' experience conducting security control assessments or audits.
• Two (2) years' experience developing or managing a security awareness program.
• One industry certification (e.g. CISA, CISM, CISSP) preferred.

ADDITIONAL QUALIFICATIONS (JOB SKILLS, ABILITIES, KNOWLEDGE)

• Working knowledge and understanding of FISMA, NIST and SOC-2 information security standards
• Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley and ISO preferred.
• Proficient oral and written communication abilities.
• Expert ability to maintain security documentation.
• Expert analytical and critical-thinking abilities.
• Expert abilities in detail-orientation, being a self-starter, with working independently, and managing competing tasks with shifting priorities
• Working knowledge of the cyber security risks associated with various technologies and ways to manage them.
• Working knowledge of various security technologies such as network and application firewalls, host intrusion prevention and anti-virus
• Working knowledge of penetration testing, vulnerability scanning and using log management solutions.
• Proficient ability to work under pressure, particularly when dealing with cyber security threats and at times of high demand.
• Ability to travel up to 10% of the time
• Ability to consistently demonstrate King's values of excellence, dignity, saying it like it is in a way that can be heard; and curiosity, collaboration, critical thinking and emotional intelligence.

Pay Range: $80,000-$130,000
King's Hawaiian is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for our ohana.