Experience Inc. Jobs

Overview

At Cracker Barrel, our mission is Pleasing People. This is evident from the moment you walk through our doors, with the first smile that greets you, from the items in our retail store to the food on the table, we welcome you home!

The Senior Information Systems Security Analyst leads and manages the development, implementation and maintenance of complex and varied security controls needed to effectively and efficiently support Cracker Barrel’s business. Plays a key role in Cracker Barrel’s compliance strategy by establishing security policies/procedures and taking corrective actions concerning non-compliance to information security standards. Implements and maintains processes for auditing and reporting security risk. Partners with cross-functional experts to resolve compliance issues. Leads security awareness and education efforts. Leads internal and external risk management practices.

Responsibility

• Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.

•Serve as a liaison for the security team with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.

• Review and approve regular internal and external requests related to security, privacy, and regulatory needs.

• Leads and works collaboratively across multiple business units to gather documentation for regulatory and compliance assessments, including PCI and SOX.

• Conducts regular system security evaluations, risk assessments, audits and reviews.

• Maintain oversight in a GRC-related platform.

• Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.

• Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.

• Maintain strong oversight of third parties to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.

• Analyze findings, and document, recommend and report program gaps to security leadership.

• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices and procedures.

• Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.

• Work in tandem with security, audit and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.

• Maintain third-party management standards, questionnaires, and documentation to adhere to regulatory compliance.

• Create innovative security awareness campaigns using solution provider and custom-developed tools designed to be flexible and adaptable across a diverse employee population

• Leverage multiple delivery methods (e.g., print, video, in-person, gamification, social and computerbased training) to accommodate different employee comprehension capabilities.

• Perform other duties as assigned.

Qualifications

Experience and Education

• Bachelor’s Degree or Equivalent Experience Required; Computer Science, Information Systems/Technology, Business Administration or a Related Field Preferred.

• 5+ years’ experience in cybersecurity as a practitioner and with 2 to 3+ years exposure with various security frameworks.

• Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, HIPAA, and CCPA. Additional experience in one or more of the following: NIST CSF, ISO 27001/2 or ITIL.

Certifications

• Preferred: Certified Information Systems Auditor (CISA), GIAC Security Essentials Certification (GSEC) or similar

Knowledge and Skills

• Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.

• Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.

• Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies such as cloud computing, DevOps and application security is required.

• Up-to-date understanding of a wide-range of incident response, system configuration, vulnerability management and hardening guidelines.

• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.

• Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.

Environment and Working Conditions

• Must be able to travel up to 20% of the time

• If you are local to the Nashville area, this role is a hybrid role. In Office Monday-Wednesday. If you are not local to the Nashville area, this role is open to fully remote.

Take the Next Step

Connect With Us! (https://officecareers-crackerbarrel.icims.com/jobs/52182/sr-information-systems-security-analyst/job?mode=apply&apply=yes&in_iframe=1&hashed=-336176107)

In compliance with federal and state equal employment opportunity laws, qualified applicants are considered for all positions without regard to race, color, religion, sex, sexual orientation, genetic information, national origin, age, marital status, medical condition, disability or any other class expressly protected by law. Qualified applicants are considered for employment according to the laws of the respective state of employment. If you feel this policy has been violated, you may report such instances to the Employee Relations Department online ( http://www.crackerbarrel.com/contact-us/employee/ ) or toll free at 1 800-333-9566.

Cracker Barrel does not unlawfully discriminate in hiring. If you are interested in applying for a position and need a reasonable accommodation during the application process, please contact (1-800-333-9566) so that we can work with you to reasonably accommodate you. Note that individuals who have any hearing impairment will be reasonably accommodated in the application process.

City/State US-TN-Lebanon

Location 307 Hartmann Drive

Category Home Office

Address Home Office

Location : Postal Code 37087

In compliance with federal and state equal employment opportunity laws, qualified applicants are considered for all positions without regard to race, color, religion, sex, sexual orientation, genetic information, national origin, age, marital status, medical condition, disability or any other class expressly protected by law. Qualified applicants are considered for employment according to the laws of the respective state of employment. If you feel this policy has been violated, you may report such instances to the Employee Relations Department online (http://www.crackerbarrel.com/contact-us/employee/ ) or toll free at 1 800-333-9566.

Cracker Barrel does not unlawfully discriminate in hiring. If you are interested in applying for a position and need a reasonable accommodation during the application process, please contact (1-800-333-9566) so that we can work with you to reasonably accommodate you. Note that individuals who have any hearing impairment will be reasonably accommodated in the application process.