IT Security, Third Party Risk Manager (remote) - job 1 of 2

ARE YOU A CURRENT US FOODS EMPLOYEE? PLEASE APPLY DIRECTLY THROUGH OUR INTERNAL WORKDAY CAREER SITE.Join Our Community of Food People!At US Foods®, innovation and technology is our superpower. By expanding our digital ecosystem and leading with a customer-first mindset, we're delivering technology that empowers our customers and simplifies business. As we transform the digital landscape of the foodservice industry, we're outpacing our competitors faster than ever before.We believe diversity is the cornerstone of creativity and innovation-and we foster an open, inclusive, flexible work environment that supports our transformation.US Foods is looking for a motivated security professional to join our Information and Cybersecurity Team. This individual will be working within Digital and Technology organization and will lead the enterprise Third-Party Risk Management (TPRM) program. This position is accountable and responsible for enhancing, implementing, and maintaining policies, procedures, and controls that align with industry practices for TPRM.The Third Party Risk Manager maintains a comprehensive list of third-party providers, applications, and services from the time of onboarding through termination. The Third Party Risk Manager establishes and implements the appropriate processes to ensure the company's information resources and data are appropriately protected. The Third Party Risk Manager identifies, evaluates, and reports on information security risks so the business is aware and can act accordingly.Flexible Work Policy: The work for the Third Party Risk Manager position is completely 100% remote anywhere in the United States except Hawaii or United States Territories. This position may have the potential to travel up to 20% dependent on business needs.RESPONSIBILITIES• Lead the TPRM program and is responsible for identifying, evaluating, and reporting relevant information security risks presented by the third parties so that the business is aware and can act accordingly.• Evaluate third-party vendors, applications, and services and determine the relevant security controls to mitigate the identified risks.• Maintain a comprehensive and current list of the company's third-party providers, applications, and services from the time of onboarding through termination.• Manage, track, and report on third-party security assessment status.• Collaborate with key stakeholders to enhance awareness of TPRM program and to improve visibility of new third parties.• Collaborate with Legal to review and redline security requirements in contracts.• Evaluate and enhance third-party processes, policies and documentation, with emphasis on security, privacy, data handling, business resiliency, and compliance with relevant framework requirements.• Evaluate third parties against their processes and use relevant industry technology (e.g., Security Scorecard, BitSight) to determine the third parties' ability to defend against ransomware, denial of service, application vulnerabilities, and other emerging threats.• Provide oversight to team members performing security analyses, including requiring thorough documentation of findings, providing recommendations, and reporting gaps.• Develop and implement key metrics to demonstrate the effectiveness of the TPRM program.• Respond to Third Party Risk surveys and questionnaires from US Foods customers• Perform other duties as assigned.RELATIONSHIPSInternal: Information and Cyber Security Team, Internal and external audit, Security Engineering, Security Architecture, Cloud/DevSecOps, Data, and Product TeamsExternal: Technology vendors, including software and service providers; customer risk management representative, relevant managed security services, and professional services vendors, value stream vendorsWORK ENVIRONMENT: This role has been segmented as Remote, meaning works remotely. Can live anywhere in continental US and Alaska. Travel as needed for business- 20%.QUALIFICATIONS• At least 7 years of information security experience in one or more roles in GRC, Compliance, Risk, Third Party Risk Management, or Audit.• Broad foundational knowledge in many information and cyber security domains with priority given to third party risk management and risk management.• Familiarity with compliance requirements (PCI, HIPAA, SOX, etc) and with security frameworks such as NIST CSF, ISO 27001, CIS, etc.• Strong project management, multitasking, and organizational skills.• Demonstratable experience in building positive working relationships with leaders and associates across multiple areas of the business.• Must have the ability to work independently and make decisions that reflect the policies of the Information and Cyber Security Team.• Experience measuring and tracking cybersecurity risks, issues, and exceptions.• Ability to advise, collaborate, and work in a team environment enabling others to trust your input and seek your guidance.• Ability to influence without authority to drive desired outcomes.• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.• Proactive self-development, staying current on evolving threat landscape, security trends/best practices, and dynamic regulatory requirements.Education• Bachelor's degree from an accredited college/university OR equivalent professional experience requiredRelated Experience/Requirements• Experience developing, measuring, and tracking key performance metrics, preferably in a cybersecurity program• Highly organized, efficient, and attention to detail• Demonstrable track record of successful development of resources, mentoring, and career guidance• Strong written and verbal skills enabling effective communication with different levels of leadershipCertifications/Training: Preferred but not required: SANS GSEC, GCIA (or related), CISSP, ISACA certifications (e.g., CISA, CISM, CRISC)The following information is provided in accordance with certain state and local laws. Compensation depends on experience, geographic locations, and other factors permitted by law. In California, the expected compensation for this role is between $115,900 and $154,500. In Connecticut, the expected compensation for this role is between $122,000 or 162,700. In Colorado, the expected compensation for this role is between $102,500 and $136,700.In Maryland, the expected compensation for this role is between $109,500 and $146,100. In Minnesota, the expected compensation for this role is between $102,500 and $136,700. In New York, the expected compensation for this role is between $122,000 or 162,700. In Rhode Island, the expected compensation for this role is between $109,500 and $146,100. In Washington, the expected compensation for this role is between $115,900 and $154,500. This role is also eligible for annual incentive plan bonus. Benefits for this role include health insurance, pre-tax spending accounts, retirement benefits, paid time off, short-term and long-term disability, employee stock purchase plan, and life insurance. To review available benefits, please click here: https://www.usfoods.com/careers/benefits.html .##REMOTE##LI-SK1• **EOE Race/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Protected Veteran/Disability Status***