Systems/Application Security Analyst, Sr. jobs in North Carolina

This role solves complex problems while creating and optimizing processes and often takes a lead role in implementing new services and technologies. The individual in this role has a strong understanding of most tools and processes supported by the team, including many of the key integration points with other parts of Technology. He/she works mostly independently and occasionally provides coaching and direction to more junior level associates on the team. The goal of the risk management program is to develop and continually enhance procedures to efficiently assess and manage risk, and oversee implementation of relevant mitigating controls to enhance the information security posture. We welcome an innovative individual with an analytic mindset that embraces challenges and offers creative solutions.

Key Responsibilities:

· Leads in the collection, analysis and continual enhancement of risk metrics to measure and provide visibility to the security posture at Lowe’s

· Automate and explore new methodologies to create visualizations and dashboards to enhance management reporting.

· Develops aggregation methodologies to consolidate qualitative and quantitative data points into Key Risk Indicators (KRIs) and Key Process Indicators (KPIs)

· Able to describe key components of complicated concepts clearly to non-experts

· Create new processes as needed to enhance and/or improve reporting & oversight functions.

· Conducts information security risk assessments, based on company standards and risk appetite, leveraging demonstrated working knowledge of industry security practices

· Draft assessment reports for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed

· Leads in the collection, analysis and continual enhancement of risk metrics to measure and provide visibility to the security posture at Lowe’s

· Develop and manage detailed project plans, taking into consideration resource availability, dependencies, and the work effort required for individual project tasks.

· Builds and grows a network of diverse partnerships, develops an understanding of formal and informal decision-making processes, and leverages knowledge of functional and cross-functional operations to accomplish work objectives

· Manages relationships with security, technology and business stakeholders to identify and communicate security risks and mitigation approaches

· Participate in the creation, execution and improvement of processes and procedures for risk management activities

· Participate in building/maintaining the risk and control library as well as identifying any gaps

· Acts as an advisor and single point of contact to business partner stakeholders and teams advocating security best practices

· Works proactively with the Security compliance function regarding key information security risk considerations

Minimum Qualifications:

· Bachelor's degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)

· 4 years of experience in information security

· Intermediate understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)

Preferred Qualifications:

· IT experience in the retail industry

· Strong analytical skills with high attention to detail and accuracy

· Experience utilizing analytic tools (e.g., Alteryx) and visualization tools (e.g., PowerBI)

· Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)

· 3 years of experience conducting assessments or technical reviews to analyze risk