General Summary: The GRC Analyst is a technical and analytical position within Dollar Tree’s IT Security Team focused primarily on issues in Governance, Risk & Compliance (GRC), which include risk management, vendor management, compliance management, vulnerability management, risk assessments, and security awareness. A successful applicant will be technical in nature with strong written and verbal communication skills.
The GRC Analyst position will provide timely and quality service to ensure that policies, standards, and configurations are adequately maintained, communicated, and compliant with internal and external policies or regulations. This position is responsible for managing, developing, maintaining and communicating company security policies, standards, and configurations in accordance with industry standards and best practices. GRC analysts are expected to have some experience and knowledge of tools commonly used in the industry to perform their functions, such as but not limited to: vulnerability and patch management packages, access and authorization tools, data loss prevention tools, third-party management applications, and request-for-service application suites. The GRC Analyst will participate in the evaluation and deployment of security-focused infrastructure as well as provide consultation, architectural review, risk analysis, vulnerability testing and security reviews of many elements of Dollar Tree/Family Dollar systems.
Principal Duties & Responsibilities:
Assist/participate/lead in formal risk assessment processes for all departmental and enterprise systems and work closely with system owners to align risks identified with established risk tolerances
Provide governance for the identification, audit, validation and remediation of information technology controls required for SOX, PCI DSS, PII, HIPAA and any other applicable regulatory compliance frameworks.
Conduct and track information security assessments of third party vendors to determine their ability to protect data
Participate in projects and assessments to establish risk determination and remediation
Use industry best practices and technology-based tools to validate that controls are in place as established
Lead the development, update and compliance of corporate information security policies, guidelines and standards
Work with technical teams to ensure baseline configurations are kept current and configurations for new technologies are designed and built prior to integration into the company environment
Develop a comprehensive information security awareness program and run year-round campaigns. Create communications on behalf of IT Security for awareness activities, initiatives or other required security announcements.
Maintain security and compliance metrics that are meaningful and actionable for Sr. Management. Metrics should establish baselines, highlight progress and drive behaviors
Coordinate with internal and external audit and compliance groups on improvement of information technology controls
Experience with analyzing, evaluating, prioritizing and processing results from security penetration tests or assessments
Bachelor’s degree in business, information systems or computer science or equivalent experience
Minimum 3 years of experience in an information security role, preferably compliance/audit/control or related experiences
Minimum 5 years of experience in an information technology role such as systems engineer, software development, or network engineer
Familiarity with many technology areas across a broad spectrum, including networks, infrastructure, cloud and mobile, as well as the concepts of risk management, data compliance and information security strategy
Solid knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc…
Application development, scripting and database knowledge a plus
Demonstrated experience with industry compliance and security standards and frameworks including one or more of: PCI DSS, ISO 27001, HIPAA, CIS Controls and NIST frameworks
Effective communication skills, with the ability to communicate complex information to various audiences both verbally and in writing; Microsoft Office suite proficiency required
Strong analytical skills, to analyze security requirements and relate them to appropriate security controls
Industry relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc… a plus
- Salary Offer $26K/yr - $70K/yr
- Address Chesapeake, VA, USA
- Experience Level Senior
- Total Years Experience 5-10