The Sr Security Analyst, Third-Party Risk, is responsible for ensuring that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals and assess the effectiveness of security controls for data connections Lowe's environment.
This includes creating, executing, and improving processes and procedures with limited direct guidance from more senior-level security associates. This role solves complex problems while creating and optimizing processes and often takes a lead role in implementing new services and technologies. The individual in this role has a strong understanding of most tools and processes supported by the team, including many of the key integration points with other parts of Technology. He/she works mostly independently and occasionally provides coaching and direction to more junior-level associates on the team.
- Analyzes data to detect trends, make recommendations, and provide reporting
- Leads activities to assess adherence to the information security processes supported
- Collaborates with management to determine information security metrics and leads the collection of information security metrics
- Consolidates security-related findings, tracks KPIs, and presents results to information security and business leaders and/or vendors
- Translates and documents business needs into technical requirements and solutions
- Advises users and team members on the execution of processes interprets standards and regulations and assists with solutions
- Creates and optimizes frameworks and tools and leads assessments of applications and businesses
- Maintains an understanding of security-related IT controls and various testing methods utilized to discover the effectiveness of those controls
- Functions in a high compacity team responsible for verifying and validating security compliance against corporate standards, regulatory and other industry defined policies
- Provides vulnerability assessments, gap analysis, risk analysis, and coordinates discrete security testing as required for the given platform, application, or environment, including penetration testing and code and architectural reviews
- Communicates complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
- Possesses knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Demonstrates knowledge of cybersecurity and privacy principles
- Demonstrates knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data
- Identifies opportunities for process improvements and makes recommendations for best practices
- Serves as an escalation point and mentor for junior staff
- Assists with the training and development of more junior level analysts as needed; Provides mentoring and guidance to more junior level analysts; may provide feedback and direction on specific tasks
- Bachelor\'s degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)
- 4 years of experience in information security
- Intermediate understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)
- IT experience in the retail industry
- Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)
Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 20 million customers a week in the United States and Canada. With fiscal year 2020 sales of nearly $90 billion, Lowe's and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ over 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.
About Lowe's in the Community:
As a FORTUNE® 50 home improvement company, Lowe's is committed to creating safe, affordable housing and helping to develop the next generation of skilled trade experts through nonprofit partnerships. Across every community we serve, Lowe's associates donate their time and expertise through the Lowe's Heroes volunteer program. For the latest news, visit Newsroom.Lowes.com or follow @LowesMedia on Twitter.
Apply on company website