Principal IT Risk Strategy Specialist

Here at Discount Tire, we celebrate the spirit of our people with extraordinary pride and enthusiasm. Our business has been growing for more than 60 years and now is the best time in our history to join us. We are opening more locations every year and we are always looking for qualified individuals to join us in our growth. We are a company that promotes from within, both in our retail and corporate operations. 

Under minimal supervision, the Principal IT Risk Strategy Specialist leads the development of Risk Management planning and execution for the IT Business Segment. Monitor and manage technology risk by providing enterprise-wide oversight and governance for technology risk management activities within the Company. Assist with the execution of various risk frameworks across the organization by monitoring and reporting on risk activities and framework compliance. Build productive working relationships with the Technology, Risk and Operational groups within the company by providing subject matter consultation and risk maturity within those group. Actively manage and escalate risk and customer-impacting issues within the day-to-day role to IT management.  This role will be accountable for spearheading initiatives that enable the broader security risk strategy including technology capabilities and modernizations, methodology execution, and adoption activities.

Essential Duties and Responsibilities:

• Identify and analyze technology risks through engagement and collaboration across all IT functions
• Develop technology risk management controls and contingency plans
• Lead complex discussions across IT and business with subject matter experts to derive clear risk management plans
• Articulate business risks associated with technical vulnerabilities and risks
• Work with Risk Management business segment on defining business contingency plans based on technology risks
• Management of issues and risks relating to the portfolio of technology enhancements
• Provide strong stakeholder engagement to define IT risks
• Gather, track and report on information security department attainment of Key Performance Indicators (KPIs) to senior management
• Ensure Company procedures are followed, including the tracking and publishing of metrics
• Work collaboratively across departments to identify and resolve risks; conflicts and challenges; and recommendations for resolution and implementing process improvements
• Stays current on the latest industry technologies, trends, and strategies; brings forward solutions while serving as a Trusted Expert
• Represent Risk Management area of responsibility by joining at least one of the IT Gauge Team’s focused on six sigma and world class delivery
• Other duties as assigned.

Qualifications

• This position requires 8 years of overall experience in risk management, with a minimum of 5 years’ experience in technology risk management
• 5 years in a technology management role
• Proficient in risk management methodologies and tools
• Comfortable interacting professionally with all levels of management and subject matter experts
• Proficient in Microsoft Office, including Word, Excel PowerPoint, and Visio
• Expert ability to communicate across all levels of the organization, present complex ideas concisely, and clearly articulate ideas both verbally and in writing
• Confidence to lead presentations to executives and Board of Director’s
• Excellent analytical, planning and negotiation skills
• Deep knowledge, skills, and experience with project management
• Demonstrated business and technology acumen with an expert knowledge and understanding of business issues, priorities, goals, and strategy
• Must be highly organized, extremely detail oriented with strong leadership experience
• Maintaining confidentiality, treating others with respect, and upholding Company values is a key attribute
• Ability to perform in a fast-paced, goal oriented, and time sensitive environment
• The ability to drive organizational transformation; communicate openly and build consensus with stakeholders
• Knowledge of and/or application of industry specific regulations, laws, and standards
• Knowledge of and/or application of compliance and security frameworks and standards such as CAS, COSO, IOS, RIMS, NIST Cybersecurity, ISO 31000, etc.
• Strong written and verbal communication skills
• Familiarity with information management technologies and implementation efforts

Educational Requirements

Bachelor’s degree in Computer Information Systems or a related field or equivalent experience is required.  A Master’s degree highly preferred. CIPP, CISSP, CISM, or other professional certifications highly preferred