senior cybersecurity analyst, risk

Starbucks Coffee Company•Seattle, WA

19h•Onsite

About The Position

This position reports to the manager of cybersecurity risk within the Global Cybersecurity Services (GCS) organization. GCS is chartered with leading, inspiring, and supporting Starbucks to cultivate trust in our brand by ensuring confidentiality, integrity, & availability in every partner, customer & supplier experience. This job contributes to Starbucks' success by facilitating and managing a risk management program and processes to aid in the mitigation of cyber risks. Success for the role will be the delivery of clear, consistent, and globally integrated cybersecurity operational risk services and will be measured by program adoption and risk reduction metrics. Multiple stakeholder groups rely on the effective delivery of repeatable and data-driven risk services and functions across the cybersecurity organization. This role is essential to drive down overall cyber security risks at Starbucks.

Requirements

Operational knowledge of risk management programs
Operational knowledge of Issue and Exception management
Experience in implementing and operating risk management programs
Ability to lead key program initiatives from inception to delivery and adoption
Knowledge of security, data privacy, compliance, regulatory requirements
Working knowledge of industry frameworks, methodologies including NIST, ISO, COSO
Must hold at least one of the industry security/privacy certifications including CISM, CRISC, CIPP, CISSP
Experience in developing key metrics and reporting on program performance to leadership
Clear understanding and management of GRC Security Domains including risks within Cybersecurity, data privacy, continuity, vulnerability, incidents, and emerging areas such as GenAI
Ability to collaborate with technical teams including Security Architecture/Engineering, International teams, and leadership
Ability to manage multiple initiatives and prioritize workload based on changing business needs and team priorities
Ability to develop and drive requirements to support program enhancements and experience in release management
Ability to ensure complete, accurate, and timely data management across risk and GRC programs, supporting reliable decision making and reporting
Ability to leverage data and analysis to identify trends, emerging risks, and control gaps, translating data sets into actionable outcomes.
Dedicated to value creation and delivering quality outcomes/deliverables that aligns to meeting business objectives
Experience in delivering security/risk training and performing knowledge transfer to team members as required
Bachelor’s degree in computer science or a related field or 3+ of relevant experience.
Apply knowledge of business principles and technology practices to achieve successful outcomes in cross-functional activities.
Excellent analytical and problem-solving skills.
Expertly align systems to business needs.
Generate comprehensive documentation in support of systems.
Exhibit exceptional oral and written interpersonal and communication skills.
Apply a deep understanding of business processes and process improvement initiatives.
Implement systems development concepts effectively.
Proven working knowledge of systems development lifecycle and IT operations.
Ability to use business knowledge, sound judgment, and resourcefulness to design and deploy highly reliable and sustainable technology solutions.
Ability to balance multiple priorities and meet deadlines.
Configuration knowledge of relevant applications/modules/platforms.

Nice To Haves

Cross-industry consulting experience preferred

Responsibilities

Facilitate and manage a risk management program and processes to aid in the mitigation of cyber risks.
Deliver clear, consistent, and globally integrated cybersecurity operational risk services.
Establish and manage outcome-based initiatives using standardized processes and industry best practices.
Adjust speed of delivery based on program maturity, adoption, and capacity.
Develop key metrics and reporting on program performance to leadership.
Collaborate with technical teams including Security Architecture/Engineering, International teams, and leadership.
Manage multiple initiatives and prioritize workload based on changing business needs and team priorities.
Develop and drive requirements to support program enhancements and experience in release management.
Ensure complete, accurate, and timely data management across risk and GRC programs, supporting reliable decision making and reporting.
Leverage data and analysis to identify trends, emerging risks, and control gaps, translating data sets into actionable outcomes.
Deliver security/risk training and perform knowledge transfer to team members as required.
Foster “can-do” attitude and lead by example.

Benefits

Medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits.
Short-term and long-term disability.
Paid parental leave.
Family expansion reimbursement.
Paid vacation from date of hire.
Sick time (accrued at 1 hour for every 25 hours worked).
Eight paid holidays.
Two personal days per year.
401(k) retirement plan with employer match.
Discounted company stock program (S.I.P.).
Starbucks equity program (Bean Stock).
Incentivized emergency savings.
Financial well-being tools.
100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan.
Student loan management resources.
Access to other educational opportunities.
Backup care.
DACA reimbursement.