cybersecurity analyst senior, governance

Now Brewing – cybersecurity analyst senior, governance! #tobeapartner

From the beginning, Starbucks set out to be a different kind of company. One that not only celebrated coffee and the rich tradition, but that also brought a feeling of connection. We are known for developing extraordinary leaders who share this passion and are guided by their service to others. Starbucks technologists work to achieve this mission with innovative technology delivered to our partners, customers, stores, roasters, and global communities.

A successful cybersecurity analyst sr at Starbucks is collaborative, organized, and able to work effectively in a self-directed manner with minimal direction from lead and/or manager.

You should have strong critical and analytical thinking skills, exhibit exceptional oral and written interpersonal and communication skills, and have experience in cybersecurity governance, risk and compliance (GRC) or a related cybersecurity domain. This position reports to the manager of cybersecurity governance within the Global Cybersecurity Services (GCS) organization.GCS is chartered with leading, inspiring, and supporting Starbucks to cultivate trust in our brand by ensuring confidentiality, integrity, & availability in every partner, customer & supplier experience.

This position will provide governance advisory services and support our ongoing governance tools lifecycle process. You will be responsible for gathering, documenting and assessing policies, standards, controls, procedures and configurations across our governance tools architecture and common controls framework.An effective analyst will develop subject matter expertise across the GRC and GCS portfolio by collaborating with functional experts and stakeholders to understand and document our data and technology landscape.

This role requires a unique blend of technical, cybersecurity and analytical expertise, a product ownership mindset, and systems thinking – ideal for someone who thrives at the intersection of business strategy and execution of cybersecurity GRC. This position models and acts in accordance with Starbucks guiding principles.

As a cybersecurity analyst sr governance, you will…

• Partner closely with business stakeholders throughout the organization to gather and translate requirements into actionable controls to reduce risk, ensure compliance, and build operational resilience across the enterprise.

• Support development and implementation of cybersecurity governance tools from policies to control procedures by gathering requirements from senior analysts and leadership, drafting documents and revising based on executive feedback while ensuring all feedback and changes are traceable through the document lifecycle. 

• Assess and recommend changes to governance tools through regular reviews and monitoring to ensure consistency, accessibility and coverage in a rapidly evolving business, technology and regulatory environment.

• Document and steward records for new and existing security controls which are critical inputs to risk assessments, system security plans and compliance services.

• Enjoy working on an energetic, fun team with demonstrated ability to work in an increasingly self-directed manner with the ability to balance multiple priorities and meet deadlinesto drive the business forward as part of a highly collaborative team. 

• Be accountable for the quality and success of the outcome of your work – You will ensure processes are known, documented, maintained, and properly performed to produce consistent, timely, high-quality deliverables.

We’d love to hear from people with:

• Bachelor’s degree Computer Science or related field and 3-5 years of relevant technology experience in cybersecurity governance, risk and compliance or related cybersecurity domain.

• Proven working knowledge of systems development lifecycle and IT operations.

• Configuration knowledge of relevant applications/modules/platforms.

• Proven knowledge of multidisciplinary principles and practices for achieving successful outcomes in various projects and activities.

• Extensive experience and expertise on security best practices and industry standards, such as ISO 27001, SOC-2, NIST 800-53, NIST CSF, and PCI.

• Ability to understand the compliance implications of emerging technologies.

• An aptitude for understanding and navigating technically complex issues, delivering solutions that meet business objectives.

• Customer Focus: Delivers legendary service that meets and exceeds all customers' expectations.

• Program Support: Conducting assessments and designing processes to support ST controls and compliance, supporting control remediation efforts, and driving continuous improvement. Analyze legal and regulatory requirements, manage policies and procedures, and provide governance support, while coordinating program activities.

• Leadership: Coaching, mentoring, and training other analysts to enhance their skills and knowledge within the team. It also includes developing and proposing program innovations to drive continuous improvement and bring new ideas to the organization.

• Strategy: Coordinating gap analysis and aligning with governance frameworks such as ISO 27001, COBIT, and GAPP, while implementing those frameworks as appropriate. Additionally, it includes developing risk and controls mapping frameworks for reference by Starbucks Technology and assisting in the development of annual or multi-year ST Controls and Compliance Readiness program roadmaps.

• Advanced Technical Knowledge: Strong understanding of advanced cybersecurity concepts and tools.

• Security Strategy: Capability to contribute to the development and execution of the cybersecurity strategy.