Pleasanton, CA, USA
Sr. Staff Cyber Security Analyst

** Prior to applying it is required that you inform your manager of your desire to apply for a new position. **

Why choose us?

Are you ready to take the next step in your career? Join us for an exciting opportunity at Albertsons Companies, where innovation and customer service go hand-in-hand!

At Albertsons Companies, we are looking for someone who’s not just seeking a job, but someone who wants to make an impact. In this role, you’ll have the opportunity to lead, innovate, and contribute to the growth of a company that values great service and lasting customer relationships. This position offers the chance to work in a fast-paced, dynamic environment that’s constantly evolving.


 

Main responsibilities:

This Senior Staff Analyst will be instrumental in supporting the execution of our information security controls testing program and leading the development of our enterprise risk management (ERM) framework. They will work across various technological domains, focusing on the design and operating effectiveness of security controls to ensure a more secure environment. This security professional will be responsible for collaborating with stakeholders to identify control deficiencies and develop actionable remediation plans to safeguard our critical assets and sensitive information.

Key Responsibilities include, but are not limited to: 

- Support execution of our information security controls testing program, including planning, fieldwork, analysis, and reporting for various control types (technical, administrative, physical)
- Develop and document detailed test plans and methodologies to assess the design and operating effectiveness of security controls against established frameworks (e.g. NIST CSF, ISO 27001, CIS Controls, etc.)
- Identify control deficiencies, analyze root causes, and propose practical and actionable remediation recommendations to control owners and other stakeholders
- Lead the development and implementation of a formal enterprise risk management (ERM) program, including risk definition, identification, assessment, and treatment processes
- Facilitate risk treatment discussions to capture remediation plans toward enabling both timely and effective closure of identified risks
- Contribute to the development and maintenance of GRC policies, standards, and procedures, ensuring alignment with regulatory requirements and industry best practices
- Assist in the preparation for, and execution of, external audits and assessments
- Develop and deliver training and awareness materials on GRC principles and practices to various audiences
- Leverage GRC tools and technologies to streamline and automate GRC processes, including controls testing and risk management
- Stay abreast of emerging threats, vulnerabilities, and regulatory changes impacting the information security landscape
- Mentor and provide guidance/training to less experienced staff as a subject matter expert

Information Security skills and experience 

- You are a self-starter capable of prioritizing, developing, and executing controls testing plans with limited supervision
- You can interpret and contextualize control objectives to analyze their efficacy given a wide variety of technologies and business processes
- You possess strong conceptual thinking and have excellent communication skills
- You can articulate risk and controls concepts to a wide variety of audiences
- You have working knowledge of industry standard controls frameworks (e.g. NIST CSF, CIS Controls, ISO 27001, etc.)
- You have a strong understanding of technology risk, information security fundamentals, defense-in-depth practices, risk assessment fundamentals, and risk management practices
- You are capable of articulating risk in business-impact terms
- You understand network, cloud, and application security principles and have experience with controls approaches addressing various risks in all domains
- You have a strong desire to continually learn about new technologies

Key Success Criteria: 

- Successful and timely execution of the controls testing plan, with clear identification of control gaps and actionable remediation plans
- Establishment of a foundational enterprise risk register with clearly defined risks, assessments, and ownership
- Demonstrated improvement in the maturity of our internal controls testing processes and documentation
- Positive feedback from internal stakeholders on the clarity, effectiveness, and constructive nature of GRC engagements
- Development of clear and concise reporting on control effectiveness and risk posture for management review
- Proactive identification and escalation of potential security risks and control weaknesses
- Effective collaboration and communication with IT, business units, and other relevant departments
- Contributions to the enhancement of GRC policies, standards, and procedures that are practical and effective
- Mentorship of junior team members, fostering their growth and development
- Positive contributions to the overall security culture and awareness within the organization

The position will be based in Pleasanton, CA or Boise, ID.

We are looking for candidates who possess the following:

- Bachelor’s degree (Computer Science, Information Systems, or a related field) or equivalent practical work experience
- 10+ years of professional cybersecurity experience focused on executing controls testing, risk assessments, and remediation plan development
- Proven experience in developing and implementing internal controls testing programs
- Demonstrated experience in building and maturing risk management frameworks
- Professional certifications desired (CISSP, CRISC, CISM, CISA, etc.)
- Strong analytical and problem-solving skills
- Excellent written and communication skills with the ability to present complex information clearly and concisely to various audiences
- Experience with GRC platforms and tools (i.e. RSA Archer) is highly desirable
- Familiarity with scripting languages (e.g., Python, PowerShell) for automation is an advantage

We also provide a variety of benefits including:

- Competitive wages paid weekly
- Associate discounts
- Health and financial well-being benefits for eligible associates (Medical, Dental, 401k and more!)
- Time off (vacation, holidays, sick pay). For eligibility requirements please visit myACI Benefits
- Leaders invested in your training, career growth and development
- An inclusive work environment with talented colleagues who reflect the communities we serve


 


 

The salary range is $157,900 to $205,300 annually. Starting salary will vary based on criteria such as location, experience, and qualifications. There may be flexibility for exceptional candidates.
 

A copy of the full job description can be made available to you.

