Sr Analyst, Information Security (Compliance)

About The Position

Requirements

• Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field).
• 2 years of experience developing Cybersecurity or information assurance policies, standards, awareness training, or 2 years of experience conducting assessments or technical reviews to analyze risk.
• Experience with information security programs, audits, and SOX.
• 2 years of experience in information security compliance.
• Advanced understanding of fundamental security and network concepts (Windows and Unix security: endpoint security; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; and analysis methods, etc.).
• Self-motivated, reliable, and follows through on commitments.
• Solutions-focused, strong work ethic, and desire to achieve excellence.
• Highly flexible and adaptable within a rapid and changing work environment.

Nice To Haves

• Hands-on expertise in building and deploying automated solutions for evidence collection and control testing, including the use of AI to streamline compliance processes.
• IT security compliance experience in the retail industry.
• Experience in a PCI/Retail technology environment.
• Big 4 internal or external audit experience.
• Relevant information security certifications (e.g., CISA, CISSP, PCI-P, ISA, CISM, CEH, CRISC, OSCP, GPen).
• Demonstrated understanding of internal security controls, risk assessment, and identifying opportunities for improvement.
• Intermediate knowledge of vulnerability management (OS, application, custom code, configuration, etc.) and associated risks.
• Excellent communication and interpersonal skills with success in working across organizations at all levels.

Responsibilities

• Works closely with various groups and levels of leadership within Lowe’s Tech, including the Executive Leadership Team.
• Collaborate with technical and business teams responsible for major financial system modernization efforts, security vital assets, and PCI scoped assets to determine control design effectiveness, regularity impact, and help in the design of the relevant SOX controls.
• Conduct IT process walkthroughs to ensure control objectives are met and sufficient coverage is maintained.
• Develop written control workpapers and reports of varied depth on short deadlines, with minimal supervision, at a technical level of detail appropriate to the audience.
• Identify and scope improvement opportunities, working to bring improvements to fruition while defining appropriate controls.
• Analyze data to detect trends, make recommendations, and provide reporting.
• Provide oversight, direction, and mentoring advice to the Information Security Compliance analysts, sharing an in-depth understanding of company and industry methodologies, policies, standards, and controls.
• Answers questions from associates about the information security processes supported; handles more complex questions/issues elevated from other analysts on the team.
• Serves as an escalation point and mentor for junior staff.
• Support management in developing robust action plans to address deficiencies and ensure remediation is promptly addressed to effectively address issues.
• Support internal team initiatives by delivering high-quality technical assessments.
• Provides insight and consultation to help ensure new and existing security solutions are developed with insight into industry best practices, strategies, and architectures.
• Make recommendations for process or technology changes.
• Develop tools or processes to operationalize/improve workflows.
• Creates and optimizes frameworks and tools, and leads assessments of applications and business processes to help Lowe's integrate security services.