Skip Navigation

Job Description

Job Description

Info Security Analyst II - Third Party Risk Management

Job ID 1212783BR Date posted 06/06/2017 Location Mooresville, NC Location Name CSC-Mooresville Address 1000 Lowes Boulevard Employment Type I Regular Employment Type II Full-Time Line of Business Corporate Department 0126 - IT Security Governance

The Information Security team provides enterprise-wide, risk-based security and continuity capabilities to meet changing internal and external threat landscapes. The InfoSec team is responsible for identifying and protecting sensitive information, detecting and responding to cyber threats, and maintaining compliance with regulatory requirements and industry standards.

The Information Security Analyst II will conduct/review vendor risk assessments over third party vendors, including but not limited to: determining the scope of the service provided by interacting with business units; administering risk assessments directly to vendors; and examining responses to determine the extent of risk the relationship represents to Lowe’s

The Information Security Analyst II requires understanding of security related IT controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls. The individual will be responsible for working in a team responsible for verifying and validating security compliance against corporate standards, regulatory and other industry defined policies. Performs analysis of design specifications, design documentation, configuration practices, and operational practices and procedures.

Essential Responsibilities:

  • Perform 3rd Party Vendor Risk Assessments
  • Develop and maintain standard operating procedures (SOPs)
  • Demonstrate understanding of information security “best practices” including principles, security protocols and standards material such as OWASP Top 10 and SANS/CIS Critical Security Controls
  • Articulate communicator, demonstrating mastery of both spoken and written English, with the ability to tailor deliverables appropriately for audiences ranging from technical to senior executive
  • Leverage skills and experience to further evolve, mature, and improve organizations abilities through continuous improvement
    • Identify and resolve gaps in processes, procedures, and policies
    • Influence partners to integrate security best practices in daily activities
    • Further improve project engagement and professional relationships
  • Act as a subject matter expert in understanding why certain risks are a threat to the company and how compensating or mitigating processes affect that risk.
  • Provide guidance on IT Security Requirements during Contract negotiation discussions

·Knowledge of industry-relevant regulation including Payment Card Industry (PCI) Data Security Standard (DSS), NIST, and SOX

This role requires up to 25% travel

Required Minimum Qualifications:

·Bachelor’s Degree in Computer Science or related field plus 4 years of experience or 6+ years of experience in Information Security

·2+ years of experience as a Security Analyst or equivalent

·Ability to deal with both technical and non-technical personnel

·Analytical / problem solving skills

·Knowledge of infrastructure (network and servers), services and security policies

·Ability to work in a team environment

·Ability to act independently

25% travel

Preferred Qualifications:

·Information security certification; one or more of the following (CISSP, CISM, CISA or CTPRP)

·“Retail” experience in the Information Technology Industry

Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving more than 17 million customers a week in the United States, Canada and Mexico. With fiscal year 2016 sales of $65.0 billion, Lowe’s and its related businesses operate or service more than 2,370 home improvement and hardware stores and employ over 290,000 people. Founded in 1946 and based in Mooresville, N.C., Lowe’s supports the communities it serves through programs that focus on K-12 public education and community improvement projects. For more information, visit

Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.

Email Job

Talent Community

Please sign up here to join our Talent Community

Stay Connected

Read More | Get Social