Lead Analyst - Cybersecurity (SITRM)

Location: Krakow, Poland (Hybrid) 

Type: Full-time employment

Shift:9 amto500 PMlocal Poland time

This roleis responsible forexecuting and supporting Sysco’sglobalCybersecurity Supplier IT Risk Management(SITRM) Program

Responsibilities

• ​​Execute security risk assessment and analysis of suppliers across all stages of the supplier lifecycle and act as the primary point of contact for international supplier assessments and partner with global vendor management teams, technology, and business functions to educate and communicate cyber risk.​

• Collaborate with stakeholders to review Cybersecurity terms in supplier agreements

• ​​​​​Support implementation and operationof program enhancement effortsincluding assessment process and technical requirements.Train team members and stakeholders on updated program and processes changes.​​​​

• ​​Prepare and communicate monthly program metrics andreportingto appropriate stakeholders. ​

• ​​Provide input on third party security controls, exceptions, and remediation plans to continuously improve assessmentprocessto reduce cyber risk. ​

• ​​​​​​Support implementation and operationof program enhancement effortsincluding assessment process and technical requirements.Train team members and stakeholders on updated program and processes changes.​​​​​

Qualifications

• ​​Bachelor’s Degree in InformationTechnology,Information Systems,Computer Science or a relatedtechnicalfield of study​Related experience may be considered in lieu of required education​​

• ​​6 or more years of experience in IT audit, supplier IT risk, vendor, or third-party security risk management.

• ​Solid experience in process improvement and re-engineering, business requirements capturing, and process flowcharts

• ​Solid experience in application, network, and cloud security domains and assessments.

• ​Working experience third party security risk assessment methodologies and industry frameworks.

• ​Working experience with third party security assessment and management tools (Archer preferred)

• ​Knowledge of Shared Assessment Third-Party Risk Management practices and questionnaires.

• ​Strong critical thinking and planning skills.

• ​Experience in large enterprise environments

• ​Excellent oral and written communication and ability to engage with stakeholders across the enterprise.​

Licenses/Certifications Required

​​Certified Information on Systems Security Professional (CISSP), Certified Information Security Manager (CISM),Certified Information Systems Auditor (CISA),Shared Assessments Certified Third Party Risk Professional (CTPRP) or Certified Third Party Risk Assessor (CTPRA), Information Systems Security Architecture Professional (ISSAP),orInformation Systems Security Engineering Professional (ISSEP)​

Technical Skills and Abilities

• ​​Strong verbal and written communication, negotiation, analytical, time management, organizational, and relationship management skills.

• ​Comfortable dealing with ambiguity, making decisions with sub-optimal/incomplete information.

• ​Ability to analyze and challenge current working methods to create improvements in processes andresult

• ​Experience working with cross functional teams

• ​Ability to work independently within a geographically dispersed team.

• ​Understand andcomply withall applicable company policies​

Why Join Us 

• Be part of a global cybersecurity team protecting a dynamic enterprise environment. 

• Opportunity to work with modern security technologies and drive tool innovation. 

• Collaborative culture with professional development opportunities. 

• Hybrid work model with our Kraków office as the primary location.