Sr Security Compliance Analyst Details

Sr Security Compliance Analyst

Lowe's - Mooresville, NC

Employment Type : Full-Time

Job Summary:

The Sr Security Compliance Analyst\'s primary purpose is to develop and continually enhance procedures to assess and manage risk efficiently. Additionally, ensure compliance with data security frameworks and authoritative sources (e.g., NIST, etc.) and internal security policies and standards and oversee implementation of relevant mitigating controls to enhance the information security posture. We welcome an innovative individual that embraces challenges and offers creative solutions.

The Sr Security Compliance Analyst has a strong understanding of most tools and processes supported by the team, including many of the key integration points with other parts of Technology. He/she works mostly independently and occasionally provides coaching and direction to more junior level associates on the team.
With a focus specifically on compliance, this role completes activities that help drive awareness and adherence to information security policies and standards. Tasks include collecting and reviewing metrics, monitoring programs for compliance, performing risk assessments, and working with others to implement appropriate controls.

Key Responsibilities:

• Responsible for developing, tracking, and managing security-related findings (e.g., non-compliance with security policies)
• Work cross-functionally across the business to identify and remediate gaps reducing security risk exposure
• Participate in advising the business on how to maintain/implement business solutions that keep Lowe\'s compliant with security impacting regulations
• Participate in assessments, such as design assessments for security controls, risk assessments, and root cause analysis
• Participate in building/maintaining the risk and control library as well as identifying any gaps
• Acts as an advisor and single point of contact to business partner stakeholders and teams advocating security best practices
• Collaborates with subject matter experts, control owners, business stakeholders, and additional accountable parties to support and advance information security compliance with Lowe\'s policies, standards, and regulations
• Works proactively with the Security compliance function regarding key information security risk considerations
• Maintains the control requirements library with Lowe\'s GRC tool that addresses regulatory and policy requirements

Minimum Qualifications:

• Bachelor\'s Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)
• 4 years of experience in information security
• Intermediate understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)

Preferred Qualifications:

• IT experience in the retail industry
• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)
• 2 years of experience developing Cybersecurity or information assurance policies, standards, awareness training, or equivalent issuances (specific to Security Governance, Risk & Compliance role)
• 2 years of experience conducting assessments or technical reviews to analyze risk (specific to Security Governance, Risk & Compliance role)
• Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management (specific to Security Governance, Risk & Compliance role)
• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen) (specific to Security Governance, Risk & Compliance role)
• Experience conducting information security risk assessments of vendors and vendor software (specific to Security Governance, Risk & Compliance role)

About Lowe\'s:
Lowe\'s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 18 million customers a week in the United States and Canada. With fiscal year 2019 sales of $72.1 billion, Lowe\'s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ approximately 300,000 associates. Based in Mooresville, N.C., Lowe\'s supports its hometown Charlotte region and all communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.

About Lowe\'s in the Community:
As a FORTUNE® 50 home improvement company, Lowe\'s is committed to creating safe, affordable housing and helping to develop the next generation of skilled trade experts through nonprofit partnerships. Across every community we serve, Lowe\'s associates donate their time and expertise through the Lowe\'s Heroes volunteer program. For the latest news, visit Newsroom.Lowes.com or follow @LowesMedia on Twitter.

Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.