
Administrator, Information Security

Location
Naperville, IL
Other
Tech
Why Work for KeHE?
  • Full-time
  • Pay Range: $78,210.00/Yr. - $104,280.00/Yr.
  • Benefits on Day 1
    • Health/Rx
    • Dental
    • Vision
    • Flexible and health spending accounts (FSA/HSA)
    • Supplemental life insurance
    • 401(k)
    • Paid time off
    • Paid sick time
    • Short term & long term disability coverage (STD/LTD)
    • Employee stock ownership (ESOP)
    • Holiday pay for company designated holidays

    Overview

    Good people, working with good people, for our common good.

    Sound good?

    KeHE, a natural, organic, specialty and fresh food distributor, is all about "good" and is growing, so there's never been a more exciting time to join our team. If you're enthusiastic about working in an environment with a people-first culture and an organization committed to good living, good food and good service, we'd love to talk to you!

    Primary Responsibilities

    We are seeking a proactive and detail-oriented Information Security Administrator to join our cybersecurity team. This role focuses on the continuous improvement of our security operations, incident response capabilities, and organizational awareness. The successful candidate will also be responsible for managing and reporting on the vulnerability management lifecycle, maintaining the security risk register, administering security tools, and handling vendor relationships. This is a hands-on role critical to maintaining the security and resilience of our IT environment.

    As with all positions at KeHE Distributors, we expect that all actions will be consistent with KeHE's Mission, Vision, and Values.

    Essential Functions

    DUTIES, TASKS AND RESPONSIBILITIES:

    Security Operations
    • Monitor daily security alerts, analyze threat intelligence, and oversee security event logs via SIEM and other monitoring tools.
    • Enforce security policies and ensure adherence to best practices and compliance requirements.
    • Perform regular assessments of system and network security configurations.

    Incident Response
    • Detect, investigate, and respond to security incidents in a timely and effective manner.
    • Coordinate root cause analysis and post-incident reviews to drive improvements in processes and controls.
    • Maintain and refine incident response plans, playbooks, and escalation procedures.

    Vulnerability Management & Risk Reporting
    • Manage and report on the organization's vulnerability management program, including scanning, tracking, and remediation efforts.
    • Coordinate with IT and business teams to prioritize and remediate vulnerabilities based on risk and business impact.
    • Produce regular reports on vulnerability status and trends for senior leadership.
    • Maintain and update the information security risk register, ensuring identified risks are documented, assessed, tracked, and mitigated.
    • Support risk assessments and contribute to risk mitigation planning in collaboration with other departments.

    Cybersecurity Awareness Training
    • Develop and deliver cybersecurity awareness initiatives across the organization.
    • Conduct periodic phishing simulations and evaluate employee responses.
    • Provide targeted training sessions based on emerging threats and observed trends.

    Security Tools Administration
    • Configure, maintain, and monitor security tools and platforms including, but not limited to, endpoint protection, vulnerability scanners, and awareness training tools.
    • Ensure timely updates, patching, and performance tuning of all security tools.
    • Evaluate and recommend new technologies and solutions to enhance security operations.

    Vendor Management
    • Act as the primary liaison with security vendors and service providers.
    • Oversee vendor risk assessments and maintain documentation for audits and compliance.
    • Review and manage SLAs, contracts, and performance metrics to ensure alignment with organizational needs and security standards.

    Miscellaneous / Other Work as Assigned
    • Ensure documentation, knowledge base, and technical diagrams are always up to date.
    • Perform other duties and projects as assigned.


    SKILLS, KNOWLEDGE AND ABILITIES:
    • Proficiency with security tools such as SIEM, EDR, and vulnerability scanners.
    • Strong understanding of vulnerability and risk management principles, CVSS scoring, and patch management.
    • Familiarity with security frameworks (e.g., CIS, NIST CSF, ISO 27001) and regulatory standards (e.g., PCI, GDPR, HIPAA).
    • Excellent communication and reporting skills for both technical and non-technical audiences.
    • Analytical mindset with strong problem-solving capabilities.
    • Ability to work independently, prioritize tasks, and collaborate with cross-functional teams.

    Minimum Requirements, Qualifications, Additional Skills, Aptitude

    EDUCATION AND EXPERIENCE:
    • Bachelor's degree in Cybersecurity, Computer Science, Information Systems or equivalent experience.
    • 2+ years in cybersecurity roles, with previous experience in incident response.
    • Certifications such as CompTIA Security+, SSCP, or CCSP preferred.


    PHYSICAL REQUIREMENTS:
    • These physical demands are representative of the physical requirements necessary for an employee to successfully perform the essential functions of the job.


    Requisition ID
    2025-27329
    Equal Employer Opportunity Statement
    KeHE Distributors provides equal employment opportunities to all employees and applicants for employment and prohibits all forms of discrimination and harassment on the basis of race, color, religion or faith, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training as well as the administration of all Human Resources and Talent Acquisition processes.