Job Information
Sysco SITRM Manager in HOUSTON, Texas
Job Summary:
This role is responsible for managing the global SITRM assessment team and leading the execution and implementation of the Cybersecurity Supplier IT Risk Management (SITRM) Program. This role acts as the backup for the SITRM Director; leads the design, implementation, and enhancement of Program capabilities; interfaces with senior stakeholders on supplier cyber risks; and manages the assessment teams based in Poland and Sri Lanka.
Duties and Responsibilities:
Manage the Supplier IT Risk program's global assessment team in executing security due diligence on suppliers across all stages of the supplier lifecycle, manage program operations, and act as the primary point of contact for stakeholders: global vendor management teams, legal, technology, business functions, and Cyber teams.
Manage global assessment team performance and coach team members to execute with focus and deliver high quality. Educate stakeholders on program changes and upstream and downstream impacts.
Design, build, and communicate program metrics and reporting to leadership.
Provide input on third party security controls, exceptions, and remediation plans.
Provide subject matter knowledge and feedback on Cybersecurity controls and standards for the enterprise.
Education Required:
Bachelor’s Degree in Information Technology, Information Systems, Computer Science or a related technical field of study. Related experience may be considered in lieu of required education.
Education Preferred:
Master’s Degree in Information Technology, Information Systems, Computer Science or a related technical field of study.
Experience Required:
10 or more years of experience in supplier IT risk, vendor, or third-party security risk management.
Strong experience in designing and implementing third party security risk assessment methodologies, frameworks, and program capabilities.
Strong experience with third party security assessment and management tools (Archer preferred).
Strong experience in coordinating and managing work performed by internal and external team resources.
Strong experience in process improvement and re-engineering, business requirements capturing, and process flowcharts.
Strong working experience with Shared Assessment Third-Party Risk Management practices and questionnaires.
Solid experience in application, network, and cloud security domains and assessments.
Experience in large enterprise environments.
Excellent oral and written communication and ability to engage with senior stakeholders across the enterprise.
Licenses/Certification Required:
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Shared Assessments Certified Third Party Risk Professional (CTPRP) or Certified Third Party Risk Assessor (CTPRA), Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP)
Licenses/Certification Preferred:
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Shared Assessments Certified Third Party Risk Professional (CTPRP) or Certified Third Party Risk Assessor (CTPRA), Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP)
Technical Skills and Abilities:
Strong strategic thinking and planning skills.
Strong verbal and written communication, negotiation, analytical, time management, organizational, and relationship management skills.
Comfortable dealing with ambiguity, making decisions with sub-optimal/incomplete information.
Ability to analyze and challenge current working methods to create improvements in processes and results.
Experience working with cross functional teams.
Ability to work independently within a geographically dispersed team.
Understand and comply with all applicable company policies.
Language Requirements:
Fluency in written and spoken English.
Physical Demands:
Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of this job.
Work Environment:
Professional work environment. Will be mainly a remote work environment with hoteling capabilities at the Corporate office. Required to interact with a computer, and communicate with peers, co-workers, management, and vendors.
AFFIRMATIVE ACTION STATEMENT:
Applicants must be currently authorized to work in the United States. We are proud to be an Equal Opportunity and Affirmative Action employer, and consider qualified applicants without regard to race, color, creed, religion, ancestry, national origin, sex, sexual orientation, gender identity, age, disability, veteran status or any other protected factor under federal, state or local law. This opportunity is available through Sysco Corporation, its subsidiaries and affiliates.