This position is with the Cyber Governance Compliance & Risk Management Team at Sysco to manage and support the Cyber Risk Management and Compliance areas. You’ll work closely with the compliance team to hone and deliver our GRC program while also working alongside Technology and Business teams to help integrate security best practices into their processes to ensure consistent adherence to controls. Additionally, you will assist in developing cyber security requirements, conducting cyber risk assessments, evaluating security services and technologies, and reviewing and documenting information security policies and procedures.

Responsibilities

• This position is an experienced level, hands-on GRC Analyst, performing IT security functions and maintaining systems, while providing technical guidance to the team

• The GRC analyst will be responsible for leading the day-to-day cyber compliance, data governance, and cyber risk management functions.

• The role will include responsibility for defining, creating, and managing cyber and organizational policies and standards in support of legal and regulatory compliance including PCI, NACHA as well as general cyber and organizational information security practices.

• The analyst will participate in process improvements to the RSA Archer Platform

• Collaborate with stakeholders, business analysts, process leaders, and architects in interpreting requirements and configuring them into software platform.

• Execute cybersecurity risk assessment and control attestation processes in GRC.

• Participate in the development and implementation of the system-wide risk management function of the information security program to ensure cyber security risks are identified and monitored.

• Participate in the system-wide information security compliance program, ensuring cyber activities, processes, and procedures meet defined requirements, policies and regulations.

• Monitor, track and manage Cyber Findings, Exceptions and Issue tracking along with reporting them to respective teams.

• Candidate should be able to provide GRC guidance and interpretation of rules, regulations, risks, and best practices.

• Ability to trouble shoot, identify, analyze and mitigate GRC related risks in existing processes, policies and procedures.

• Review control effectiveness evidence to assess the quality and effectiveness of the implemented controls.

• Document residual risk.

• Prepare and communicate operational metrics and trend analysis for the Cybersecurity Leadership Team

Qualifications

• Bachelor’s Degree in one of the following fields or a related discipline:  Cybersecurity, Information Security ,  Information Technology or Computer Science.

• Bachelor’s and three (7) years or more of related experience

• 5 years of experience in GRC, risk management and/or policy management

• 5 years of experience in risk assessment, IT policy, compliance requirements

• 5 years of experience with RSA Archer or other GRC Tools/Platform.

• Strong understanding of cybersecurity frameworks, regulatory compliance standards, and enterprise risk management practices.

• Excellent communication skills in English (B2+ or higher) and ability to collaborate across functions and geographies.

Benefits:

• Hybrid position with on-site presence required based on business needs. (Site: Ultra park II Lagunilla, Heredia)

• ​Private Medical Insurance

• Asociacion Solidarista

• Life Insurance

• Personal Day Off

Note: Only candidates with Costa Rican nationality or valid immigration status will be considered; applicants residing outside Costa Rica will not be considered, and relocation is not available