Job Description

Lead Security Analyst - Risk Management

  • Job ID: 1516633BR
  • Date posted: 01/09/2019
  • Location: Mooresville, NC
  • Location Name: CSC-Mooresville
  • Address: 1000 Lowes Boulevard
  • Employment Type I: Regular
  • Employment Type II: Full-Time
  • Line of Business: Corporate
  • Department: 0126 - IT Security Governance

PURPOSE OF ROLE:

The Lead Security Analyst is primarily responsible for overseeing all programs, projects and changes within the organization to determine and categorize the risk of these activities as it pertains to the confidentiality, integrity and availability of information being processed, stored, or transmitted. The Lead Security Analyst is also responsible for ensuring that Lowe’s is meeting/exceeding all compliance requirements.

To accomplish this, the Lead Security Analyst must have knowledge of: business process security, data security and classification, infrastructure design, authorization and access control security, risk analysis/management, regulatory compliance (PCI, SOX, HIPAA, etc.), network design and security, vulnerability assessments and mitigation.

The Lead Security Analyst works closely with program and project teams in order to ensure security is thought about in the requirements phase of the program and followed through implementation. The person in this role is highly motivated and possesses strong, hands-on technical knowledge of a wide range of information security/business continuity controls and the process used for evaluating control design and effectiveness. Additionally, the Lead Security Analyst must possess superior written and verbal communication skills, including the ability to communicate clearly and concisely to all levels of management.

ESSENTIAL RESPONSIBILITY STATEMENTS

  • Ability to analyze complex technical and business requirements from a security perspective and make appropriate recommendations to reduce the overall risk to Lowe’s.
  • Understand and discuss security policies and standards and how they align to their customers.
  • Understand the different regulatory compliance standards and can communicate how they are applicable.
  • Evaluation of IT controls to reduce the impact of internal and external IT audits
  • Evaluate/interpret SOX IT Audit, PCI DSS and Privacy requirements and provide guidance to process and control owners on how to comply with the requirements.
  • Assist project teams to evaluate IT Risk and Compliance considerations for projects
  • Assist in performing enterprise risk assessments
  • Review contracts in support of Third Party risk management objectives


REQUIRED EDUCATION/EXPERIENCE

  • Bachelor’s Degree in Computer Science or related field plus 6 years of experience or 8+ years of experience in Information Security
  • 4+ years of experience as a Senior Security Analyst or equivalent
  • Strong ability to articulate business risks of technical issues to non-technical personnel
  • Knowledge of core Information Security concepts related to Governance, Risk & Compliance
  • Strong analytical / problem solving skills
  • Broad knowledge of infrastructure (network and servers), services and security policies
  • Demonstrated ability to work in a team environment
  • Ability to act independently and exercise good judgment as well as the ability to work cross functionally and create virtual teams is essential
  • Ability to prioritize and manage multiple tasks
  • Up to 10% travel is required for this role


PREFERRED EDUCATION/EXPERIENCE

  • Demonstrated understanding of internal security controls and ability to assess risks and identify opportunities for improvement
  • Strong analytical skills/problem solving/conceptual thinking
  • Knowledge of Governance, Risk, and Compliance process, practices and procedures.
  • Knowledge of GRC Applications and tools, like Archer, Keylight, ServiceNow
  • Prior exposure to, and experience with, SOX IT Audit, PCI DSS, and Privacy regulations
  • Prior exposure to NIST CSF, ISO, and other frameworks
  • Experience managing projects and leading cross functional teams
  • Certifications: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), GIAC Critical Controls Certification (GCCC), or GIAC Security Essentials (GSEC).
  • Intermediate to advanced proficiency in the use of Microsoft Office products, including Word, Excel and PowerPoint.
  • Strong technical, analytical and problem solving skills.
  • Strong communication skills to effectively interact with and influence internal and external partners on all levels to resolve issues and provide solutions in a timely manner.

Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.
