Title: Analyst, Information Security Location: Naperville IL United States Job Description: Why Work for KeHE? - Full-time - Pay Range: $78,210.00/Yr. - $114,708.00/Yr. - Shift Days: , Shift Time: - Benefits on Day 1 - Health/Rx - Dental - Vision - Flexible and health spending accounts (FSA/HSA) - Supplemental life insurance - 401(k) - Paid time off - Paid sick time - Short term & long term disability coverage (STD/LTD) - Employee stock ownership (ESOP) - Holiday pay for company designated holidays Overview At KeHE, we're obsessed with creating solutions, unboxing potential, and serving others - and it all starts with you. As an employee-owned distributor of natural and organic, specialty, and fresh products, we're committed to making a positive impact and scaling our success together. With a culture that fosters development and opportunity, you'll be embarking on a career that's moving forward. When you join KeHE, you're becoming part of a team that is a force for good. Primary Responsibilities The Information Security Analyst safeguards the organization by monitoring and triaging security alerts across endpoint, identity, email, network, cloud, vulnerability, and SIEM platforms; investigating and coordinating response to security incidents; conducting threat hunting and detection tuning to improve coverage and reduce noise; and managing vulnerability remediation and security risk tracking. This role also supports governance, audits, and third-party risk assessments through documentation and evidence collection, delivers cybersecurity awareness initiatives and phishing simulations to reduce human risk, and partners with IT and business stakeholders to drive measurable, continuous improvements to security operations and control effectiveness. As with all positions at KeHE Distributors, we expect that all actions will be consistent with KeHE's Mission, Vision, and Values. Essential Functions DUTIES, TASKS AND RESPONSIBILITIES: - Proactively monitor and triage security alerts across endpoint, identity, network, cloud, email, vulnerability, and SIEM platforms. - Detect, investigate, and respond to security incidents; coordinate containment, remediation, root cause analysis, and post-incident reviews. - Develop, tune, and maintain security detections, alerts, and response playbooks to improve threat visibility and response effectiveness. - Conduct proactive threat hunting using endpoint, identity, network, and cloud telemetry. - Manage and support vulnerability and exposure management activities, including risk-based prioritization, remediation tracking, and reporting. - Maintain and support cybersecurity risk management activities, including risk registers, assessments, and mitigation planning. - Support governance, risk, and compliance efforts by assisting with audits, control documentation, evidence collection, and third-party risk assessments. - Administer and optimize security tools and platforms to ensure effectiveness, coverage, and operational reliability. - Develop and deliver cybersecurity awareness training, including phishing simulations and targeted education initiatives - Produce and analyze security metrics and operational reports to drive continuous improvement. - Collaborate effectively with IT, Engineering, and business teams to ensure consistent, efficient security operations. - Communicate clearly and professionally with stakeholders during incidents and ongoing security initiatives. - Other duties, responsibilities, and qualifications may be required and/or assigned as necessary. SKILLS, KNOWLEDGE AND ABILITIES: - Demonstrated experience triaging and investigating security alerts in one or more of: EDR/XDR, email security, identity systems (AD/Entra ID), network security tools, cloud security monitoring (AWS/Azure), and/or SIEM platforms. - Strong understanding of attacker tactics and common enterprise threat scenarios (phishing, credential compromise, malware/ransomware, lateral movement, privilege escalation). - Ability to analyze logs and telemetry; experience writing or modifying queries/rules (e.g., KQL/SPL/SQL-like queries) is strongly preferred. - Experience executing incident response activities: investigation, containment coordination, eradication support, recovery validation, and post-incident documentation. - Strong understanding of vulnerability and exposure workflows, including validation and remediation verification. - Ability to create and maintain runbooks/playbooks and operational documentation. - Familiarity with security frameworks (e.g., CIS, NIST CSF, ISO 27001) and regulatory standards (e.g., PCI, GDPR, HIPAA). - Excellent communication and reporting skills for both technical and non-technical audiences. - Analytical mindset with strong problem-solving capabilities. - Ability to work independently, prioritize tasks, and collaborate with cross-functional teams. Minimum Requirements, Qualifications, Additional Skills, Aptitude EDUCATION AND EXPERIENCE: - Bachelor's degree in Cybersecurity, Computer Science, Information Systems or equivalent experience. - 3+ years in cybersecurity roles, Security Operations, Incident Response, threat detection, or related information security roles. PHYSICAL REQUIREMENTS - This position operates in a hybrid working environment, with in-person presence preferred Tuesday, Wednesday, and Thursday (remote work available Monday and Friday, as business needs allow). This position operates in an office setting with prolonged computer / screen time with periods of walking, meeting in conference rooms or other. - May participate in an on-call rotation and perform after-hours incident response support as needed. - Ability to travel as needed to Company locations and third-party locations within the US.

Role Description We are looking for a Senior Supply Chain Risk Analyst. As a Senior Supply Chain Risk Analyst, you’ll be part of a cross-functional team whose mission is to lead IonQ on its journey to build the world’s best quantum computers to solve the world’s most complex problems. In this role, you will be responsible for identifying, assessing, and mitigating risks posed across the organization’s supply chain. You will be the frontline defender, proactively identifying and conquering risks across our third-party ecosystem. This isn't just compliance—it's about safeguarding the future of our innovation. You will play a critical role in protecting our organization from supply chain-related threats by evaluating third parties’ security posture, identifying control gaps, and ensuring compliance with regulatory and industry standards. - Risk Assessment: Conduct comprehensive security risk assessments of new and existing third parties, including SaaS providers, cloud services, hardware, and critical business partners. - Due Diligence: Issue and evaluate security questionnaires, review external audit reports (e.g., SOC 2 Type 2, ISO 27001), and perform technical and physical security reviews (remote or on-site) for software, hardware, and services providers. - AI Data Protection: Evaluate and ensure third parties adhere to organizational policies and best practices for the protective use and governance of data in AI systems and software, minimizing risk exposure. - Supply Chain Risk Expertise: Maintain expertise in and actively address known supply chain risk types, including FOCI (Foreign Ownership, Control, or Influence), data theft & exposure, software and hardware backdoors/intrusion, counterfeit products, forced labor, geopolitical/trade disruptions, malware infection vectors, and environmental. - Risk Mitigation: Partner with supply chain, legal, procurement, and business teams to identify third party risks and recommend appropriate risk treatment and remediation action plans. - Vetting: Assist in refining and maintaining a program to manage global supply chain risks, ensuring the integrity and security of hardware, software, and services from our third parties. - Compliance Monitoring: Monitor third party relationships to ensure ongoing compliance with company policies, regulatory requirements (e.g., NIST, CMMC Level 2, GDPR, EAR, ITAR, UFLPA), and international government supply chain security programs such as CTPAT, AEO, and others. - Incident Response: Serve as the first point of contact for third party security incidents, assisting with investigations and managing the response to minimize impact on the organization. - Risk Metrics & AI Modeling: Develop, build, and continuously improve the supply chain security and TPRM function by streamlining and automating processes, maintaining a third party inventory, developing key performance and risk metrics, and supporting AI modeling initiatives for predictive risk analysis. - Collaboration: Partner with internal stakeholders to raise awareness about third party integration risks and communicate the results of risk assessments to ensure appropriate implementation of controls. Qualifications - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, Supply Chain Management, Criminal Justice, Business or a related field. - 4+ years of experience in a third party/supply chain risk management, supply chain security, cyber security, physical security, product security and/or information security role. - Strong understanding of information security principles and controls, including data protection, access management, and application security. - Proven experience conducting security reviews for software, hardware, and services providers in the third party supply chain. - Experience in quantitative analysis, including metrics development, data visualization, and supporting AI/ML model development. - Experience with understanding and addressing known supply chain risk types (e.g., FOCI, data theft & exposure, software and hardware backdoors/intrusion, counterfeit product, forced labor, geopolitical/trade disruptions, malware). - Familiarity with key security frameworks and standards such as ISO 27001, NIST 800-53, NIST 800-171, SOC 2 Type 2, FedRamp. - Exceptional verbal and written communication skills, with the ability to clearly articulate complex security concepts to diverse audiences. - Excellent investigative skills. - Strong analytical, problem solving, attention to detail and organizational skills. Requirements - Relevant security certifications (e.g., CISA, CISSP, CPP, PSP, PSC) are a plus. - Direct experience with international government supply chain security programs such as CTPAT (Customs Trade Partnership Against Terrorism), AEO (Authorized Economic Operator), or similar initiatives. - Familiarity with key security frameworks and standards such as CMMC Level 2. - Direct work experience with trade compliance, business continuity planning and/or forced labor programs. - Skilled in prompt engineering and leveraging Generative AI models for efficient and work improvement. - Knowledge of supply chain operations, logistics, and third party management best practices. - Experience with conducting architectural reviews, penetration tests, and hardware security analyses. - Specific knowledge of data security requirements and governance models for AI/ML development and deployment. - A proactive mindset and a passion for integrating new technologies into security based solutions. Benefits - Comprehensive medical, dental, and vision plans. - Matching 401K. - Unlimited PTO and paid holidays. - Parental/adoption leave. - Legal insurance. - Home technology stipend.

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves? Enterprise Technology plays a critical part in shaping the future of mobility. If you’re looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people’s lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are. We are seeking a dedicated and experienced Cyber Resiliency Engineer with a strong focus on our enterprise Business Continuity Planning and Disaster Recovery. Business Impact Analysis (BIA) Tool. In this role, you will provide comprehensive operational and engineering support, serving as the primary owner for the BIA environment from end to end.

The pay range is $113,000.00 - $203,000.00 Pay is based on several factors which vary based on position. These include labor markets and in some instances may include education, work experience and certifications. In addition to your pay, Target cares about and invests in you as a team member, so that you can take care of yourself and your family. Target offers eligible team members and their dependents comprehensive health benefits and programs, which may include medical, vision, dental, life insurance and more, to help you and your family take care of your whole selves. Other benefits for eligible team members include 401(k), employee discount, short term disability, long term disability, paid sick leave, paid national holidays, and paid vacation. Find competitive benefits from financial and education to well-being and beyond at https://corporate.target.com/careers/benefits. JOIN TARGET CYBERSECURITY AS A LEAD CYBERSECURITY ANALYST - CSIRT (INCIDENT RESPONSE) About Us Target is an iconic brand, a Fortune 50 company and one of America’s leading retailers. Target as a tech company? Absolutely. We’re the behind-the-scenes powerhouse that fuels Target’s passion and commitment to cutting-edge innovation. We anchor every facet of one of the world’s best-loved retailers with a strong technology framework that relies on the latest tools and technologies—and the brightest people—to deliver incredible value to guests online and in stores. Target Technology Services is on a mission to offer the systems, tools and support that guests and team members need and deserve. Our high-performing teams balance independence with collaboration, and we pride ourselves on being versatile, agile and creative. We drive industry-leading technologies in support of every angle of the business, and help ensure that Target operates smoothly, securely, and reliably from the inside out. As a Lead Cybersecurity Analyst on CSIRT, you will assist with leading the team as you assess information security events and incidents across the Target environment. In this role, you will use your expertise to collaborate and utilize problem solving skills as you work among a team of skilled analysts to address complex problems within a 24x7 Cyber Fusion Center (CFC) environment. You will implement new processes and procedures as identified by the CSIRT and CFC Leadership to ensure continuous improvements for Target’s monitoring, detection, and mitigation capabilities. You will use your expert-level knowledge of Information Security to monitor SIEM and logging environments for security events and alerts to potential (or active) threats, intrusions, and/or compromises. You will lead internal training of CSIRT Analysts to ensure their continued education as an Analyst and growth. You will work to understand the global threat landscape by working with Target Cyber Threat Intel team to maintain awareness. You will review and guide requests from internal teams and will escalate information security events according to Target’s Cyber Security Incident Response Plan. Additionally, you will lead with containment of threats and remediation of environment during or after an incident. You’ll act as the leader during Cyber Hunt activities alongside of the Target's Cyber Hunt Team. You will leverage your expert-level knowledge to write comprehensive reports of incident investigations. Core responsibilities of this job are described within this job description. Job duties may change at any time due to business needs. Note: This is a shift position on Shift 2 within CSIRT. The working hours for this role are Sunday through Wednesday, 12:30pm - 10:30pm CT. If you are applying for this role you acknowledge and accept the days and times of this role. About You - 4-year degree, relevant certifications (e.g. GCFA, GREM, GEIR, 13Cubed), or equivalent experience - 5+ years' direct experience with Security Operations, Incident Response, or Digital Forensics - Thorough understanding of advanced security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.) - Expertise with host and network-based security tools (Velociraptor and Google SecOps preferred) - Expertise with network monitoring and SOAR use in a SOC environment - Knowledge in malware analysis, memory forensics and cloud IR desired - Ability to navigate ambiguity and develop working business relationships - Ability to demonstrate expert-level analytical expertise, close attention to detail, excellent critical thinking, logic, and adaptive learning - Demonstrates leadership skills that assist with driving desired outcomes - Excellent written and oral communication skills This position may be considered for a Remote or Hybrid (known internally at Target as "Flex for Your Day") work arrangement based on Target's needs.  A Remote work arrangement means the team member works full-time from home or an alternate location that's not a Target location, does not have a desk at a Target location and may travel to HQ up to 4 times a year.  A Hybrid/Flex for Your Day work arrangement means the team member's core role may be performed either remote or onsite at a Target location depending upon what your role, team and tasks require for that day. Work duties cannot be performed outside of the country of the primary work location, unless otherwise prescribed by Target. This position may be considered for a Remote or Hybrid (known internally at Target as "Flex for Your Day") work arrangement based on Target's needs.  A Remote work arrangement means the team member works full-time from home or an alternate location that's not a Target location, does not have a desk at a Target location and may travel to HQ up to 4 times a year.  A Hybrid/Flex for Your Day work arrangement means the team member's core role may be performed either remote or onsite at a Target location depending upon what your role, team and tasks require for that day. Work duties cannot be performed outside of the country of the primary work location, unless otherwise prescribed by Target. Benefits Eligibility Please paste this url into your preferred browser to learn about benefits eligibility for this role: https://tgt.biz/BenefitsForYou_E Americans with Disabilities Act (ADA) In compliance with state and federal laws, Target will make reasonable accommodations for applicants with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, please reach out to candidate.accommodations@HRHelp.Target.com. Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed through this channel.   Application deadline is : 03/26/2026