At SpartanNash, we deliver the ingredients for a better life through customer-focused innovation. We do this for our supply chain customers and U.S. military commissaries, retail store guests and, most importantly, our Associates. In fact, we see a day when each will say, “I can’t live without them.”

Our SpartanNash family of Associates is 17,000 strong, ranging from bakery managers to order selectors; from IT developers to vice presidents of finance; from HR Business Partners to export specialists. Each of them plays an integral role in SpartanNash’s People First culture, Operational Excellence and Insights that Drive Solutions. Ready to contribute to the success of our food solutions company? Apply now!

Location:

850 76th Street S.W. - Byron Center, Michigan 49315

Job Description:

Position Summary:

The Senior Governance, Risk, and Compliance (GRC) Security Analyst is responsible for supporting the security direction of the business and elevating the company’s security posture. The Senior GRC Security Analyst is expected to support the security strategy of the business within new and existing information system capabilities. The position requires both an understanding of legacy systems, as well as new technologies and requirements. The Senior GRC Security Analyst is also responsible for maintaining the risk register and collaborating with IT teams to effectively drive risk reduction to manage corporate risk and strengthen security posture.

The role oversees the business’ security requirements and obligations mandated by standards and regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), Health Information Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). In tandem with security leadership, the GRC security analyst consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the Senior GRC Security Analyst monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the Senior GRC Security Analyst must focus on strong risk management and corporate resiliency, and not be driven solely by compliance. The Senior GRC Security Analyst will report to the Manager, IT Governance, Risk & Compliance.

Here’s what you’ll do:

• Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security to identify potential risk and maintain oversight in a GRC-related platform.

• Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency, and compliance frameworks.

• Document and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.

• Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.

• Analyze findings, document, recommend, and report program gaps to security leadership.

• Monitor current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance.

• Support audit practices and processes and work with the IT organization to ensure findings are remediated.

• Document and capture qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.

• Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.

• Liaison with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.

• Foster strong relationships with internal business units and excel in risk management, technical controls, and cybersecurity communication.

• Travel as needed to office locations and third-party on-site engagements.

• Perform other duties as assigned.

Here’s what you’ll need:

• Bachelor's degree in information assurance, MIS, cybersecurity, business, or equivalent experience.

• Master's degree preferred.

• At least five years of IT or cybersecurity experience (or IT coupled with cybersecurity), with at least two years in an operationally focused IT Assurance or security practitioner role.

• Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, HIPAA, and GLBA.

• Experience with Payment Card Industry (PCI) assessments, PCI-P certification preferred.

• Experience creating and maintaining cybersecurity policies, standards, and procedures.

• Demonstrated knowledge of operating systems, networking security concepts, and industry best practices.

• Demonstrated understanding of legacy and progressive technology and security controls along with respective risk.

• Skilled at leading projects, collaborating with diverse teams, and promoting enterprise-wide risk management rigor and a security-first culture.

• Excellent analytical, problem-solving, troubleshooting, and decision-making skills.

• Highly organized and detail oriented, with excellent written and verbal communication skills.

• Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and adaptable.

• Must be able to work independently and in a team setting.

• CISSP, CRISC, CGEIT or GRCP are preferred, but not required.

As part of our People First culture, SpartanNash is proud to offer a robust and competitive Total Rewards benefits package (https://careers.spartannash.com/why-work-here/benefits/) .

SpartanNash is an Equal Opportunity Employer, including disability and veteran, that celebrates diversity and believes employing a diverse workforce is key to our success. We are committed to providing equal employment opportunities to all individuals.

We are not able to sponsor work visas for this position.

SpartanNash (Nasdaq: SPTN) is a food solutions company that delivers the ingredients for a better life. Committed to fostering a People First culture, the SpartanNash family of Associates is approximately 17,000 strong. SpartanNash operates two complementary business segments – food wholesale and grocery retail. Its global supply chain network serves wholesale customers that include independent and chain grocers, national retail brands, e-commerce platforms, and U.S. military commissaries and exchanges. The Company distributes products for every aisle in the grocery store, from fresh produce to household goods to its OwnBrands, which include the Our Family® portfolio of products. On the retail side, SpartanNash operates 144 brick-and-mortar grocery stores, primarily under the banners of Family Fare, Martin’s Super Markets and D&W Fresh Market, in addition to dozens of pharmacies and fuel centers. Leveraging insights and solutions across its segments, SpartanNash offers a full suite of support services for independent grocers. For more information, visit spartannash.com .