Lead Analyst - Cybersecurity (SITRM)  

Location: Krakow, Poland (Hybrid)  

Type: Full-time employment  

Shift: 9 am to 5.00 PM local Poland time 

Job Summary 

This role is responsible for executing and supporting Sysco’s global Cybersecurity Supplier IT Risk Management (SITRM) Program 

Responsibilities 

• ​​Execute security risk assessment and analysis of suppliers across all stages of the supplier lifecycle and act as the primary point of contact for international supplier assessments and partner with global vendor management teams, technology, and business functions to educate and communicate cyber risk.​ 

• Collaborate with stakeholders to review Cybersecurity terms in supplier agreements 

• ​​​​​Support implementation and operation of program enhancement efforts including assessment process and technical requirements. Train team members and stakeholders on updated program and processes changes.​​​​ 

• ​​Prepare and communicate monthly program metrics and reporting to appropriate stakeholders.  ​ 

• ​​Provide input on third party security controls, exceptions, and remediation plans to continuously improve assessment process to reduce cyber risk. ​ 

• ​​​​​​Support implementation and operation of program enhancement efforts including assessment process and technical requirements. Train team members and stakeholders on updated program and processes changes.​​​​​ 

Qualifications 

• ​​Bachelor’s Degree in Information Technology, Information Systems, Computer Science or a related technical field of study. ​Related experience may be considered in lieu of required education.​​ 

• ​​6 or more years of experience in IT audit, supplier IT risk, vendor, or third-party security risk management. 

• ​Solid experience in process improvement and re-engineering, business requirements capturing, and process flowcharts. 

• ​Solid experience in application, network, and cloud security domains and assessments. 

• ​Working experience third party security risk assessment methodologies and industry frameworks. 

• ​Working experience with third party security assessment and management tools (Archer preferred) 

• ​Knowledge of Shared Assessment Third-Party Risk Management practices and questionnaires.  

• ​Strong critical thinking and planning skills. 

• ​Experience in large enterprise environments. 

• ​Excellent oral and written communication and ability to engage with stakeholders across the enterprise.​ 

Licenses/Certifications Required: 

​​Certified Information on Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Shared Assessments Certified Third Party Risk Professional (CTPRP) or Certified Third Party Risk Assessor (CTPRA), Information Systems Security Architecture Professional (ISSAP), or Information Systems Security Engineering Professional (ISSEP)​ 

Technical Skills and Abilities 

• ​​Strong verbal and written communication, negotiation, analytical, time management, organizational, and relationship management skills. 

• ​Comfortable dealing with ambiguity, making decisions with sub-optimal/incomplete information. 

• ​Ability to analyze and challenge current working methods to create improvements in processes and result. 

• ​Experience working with cross functional teams. 

• ​Ability to work independently within a geographically dispersed team. 

• ​Understand and comply with all applicable company policies.​ 

Why Join Us  

• Be part of a global cybersecurity team protecting a dynamic enterprise environment.  

• Opportunity to work with modern security technologies and drive tool innovation.  

• Collaborative culture with professional development opportunities.  

• Hybrid work model with our Kraków office as the primary location.