Senior IT Enterprise Risk Analyst

The Senior IT Enterprise Risk Analyst is responsible for leading cyber security, cloud, operational, and compliance reviews of Kohl’s Technology operations, processes, and initiatives. The Senior IT Enterprise Risk Analyst will also perform risk advisement and remediation follow-up across the Kohl’s Technology organization.

ACCOUNTABILITIES

DRIVE TECHNOLOGY ACTIONS THROUGH QUALITY AUDITS, PROJECTS AND FOLLOW-UP

  • Assess cyber security, cloud, operational, and compliance risk in Kohl’s technology and develop detailed audit procedures to develop risk-based audit programs
  • Obtain and analyze information for evidence of cyber security violations, deficiencies in internal controls, or lack of compliance with laws, government regulations, and Kohl’s policies and procedures
  • Challenge existing processes including suggesting more efficient or alternative methods to achieve objectives
  • Prepare work papers to clearly support the audit conclusion in accordance with internal auditing standards
  • Communicate the results of audit/projects to senior leaders and collaborate with senior leaders to develop action plans addressing identified risk/process gaps
  • Follow-up with Technology leadership to ensure agreed-upon recommendations have been implemented

COMPLETE TECHNOLOGY COMPLIANCE ACTIVITIES

  • Lead PCI assessment activities, in partnership with Information Security team
  • Manage PCI Assessor to review completion
  • Assess Sarbanes-Oxley ITGC controls design
  • Execute Sarbanes-Oxley process walkthroughs, testing and follow-up
  • Support the continuous improvement of technology compliance activities
  • Execute banking partner security reviews and follow-up
  • Lead communication with banking partner on follow-up status and remediation

EXECUTE EFFICIENT & EFFECTIVE PROJECT MANAGEMENT

  • Manage and prioritize multiple assignments including all audits and project involvement
  • Inform stakeholders of project status and execute to planned project timelines
  • Provide timely results of audit and communicate recommended solutions

SUPPORT DEVELOPMENT OF SELF/TEAM

  • Pursue opportunities to improve team communication, organizational, technical, and analytical skills
  • Support the development of project staff/interns

LEVERAGE RELATIONSHIPS TO ENHANCE RISK AWARENESS

  • Develop strong cross-functional relationships across multiple levels within organization
  • Support risk advisory activities across the technology and business organization

QUALIFICATIONS

REQUIRED

  • Bachelor’s Degree in MIS or similar related field
  • Minimum of 2+ years of experience in IT audit, cyber security, IT consulting or similar roles
  • Ability to comprehend and analyze technology systems and environments
  • Experience communicating with various levels of management

PREFERRED

  • Certifications such as CISA, CISSP, CIA desired
  • Word processing and spreadsheet software, Google apps collaboration tools, Tableau or other data analysis tools
  • Cloud platforms including GCP
  • Technical server, database, messaging, integration, and CICD platforms

SPECIAL REQUIREMENTS

  • Ability to travel minimally (Up to 5% annually)

More Information

Apply for this job

Leave your thoughts

Share this job