Full Job Description
The primary purpose of this role is to lead the development, enhancement and ongoing delivery of information security risk management tools, processes and reporting. This includes responsibility for creating, executing, and improving risk management processes and procedures with limited direct guidance from more senior-level security associates. This role solves complex problems while creating and optimizing processes and often takes a lead role in implementing new services and technologies. The individual in this role has a strong understanding of most tools and processes supported by the team, including many of the key integration points with other parts of Technology. He/she works mostly independently and occasionally provides coaching and direction to more junior level associates on the team.
The goal of the risk management program is to develop and continually enhance procedures to efficiently assess and manage risk, and to oversee implementation of relevant mitigating controls to enhance the information security posture. We welcome an innovative individual who embraces challenges and offers creative solutions.
- Conducts information security risk assessments, based on company standards and risk appetite, leveraging demonstrated working knowledge of industry security practices
- Draft assessment reports for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed
- Leads in the collection, analysis and continual enhancement of risk metrics to measure and provide visibility to the security posture at Lowe’s
- Develop and manage detailed project plans, taking into consideration resource availability, dependencies, and the work effort required for individual project tasks.
- Builds and grows a network of diverse partnerships, develops an understanding of formal and informal decision-making processes, and leverages knowledge of functional and cross-functional operations to accomplish work objectives
- Manages relationships with security, technology and business stakeholders to identify and communicate security risks and mitigation approaches
- Participate in the creation, execution and improvement of processes and procedures for risk management activities
- Participate in assessments, such as design assessments for security controls, risk assessments and root cause analysis
- Participate in building/maintaining the risk and control library as well as identifying any gaps
- Acts as an advisor and single point of contact to business partner stakeholders and teams advocating security best practices
- Works proactively with the Security compliance function regarding key information security risk considerations
- Bachelor’s degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)
- 4 years of experience in information security
- Intermediate understanding of fundamental security and network concepts (Windows and Unix security; OS lockdown; logging and monitoring; application security; user access; perimeter protection principles; network communication rules; intrusion detection and analysis methods; etc.)
- IT experience in the retail industry
- Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPEN)
- 3 years of experience conducting assessments or technical reviews to analyze risk
Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.
- Address Mooresville, NC, USA
- Salary Offer $100.000 ~
- Experience Level Senior
- Total Years Experience 5-10