Manager IT Security – Vulnerability Management
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving more than 18 million customers a week in the United States, Canada and Mexico. With fiscal year 2017 sales of $68.6 billion, Lowe’s and its related businesses operate or service more than 2,390 home improvement and hardware stores and employ over 310,000 people. Founded in 1946 and based in Mooresville, N.C., Lowe’s supports the communities it serves through programs that focus on K-12 public education and community improvement projects. For more information, visit Lowes.com.
The primary purpose of this role is to implement information security risk programs across the organization. This includes responsibility for providing Information Security Risk, Intelligence and Governance and other assigned functions in a large-scale global environment, as well as supporting and working as a member of the Incident Response Team.
• Maintains a coordinated enterprise-level vulnerability management program that effectively reviews, analyzes, communicates and guides remediation of vulnerabilities.
• Works effectively with business units to facilitate building and expanding vulnerability management capabilities to support new deployment efforts, vulnerability scanning and vulnerability remediation/mitigation.
• Hiring, training, staff development, performance management, to effectively grow the skills and capabilities of the vulnerability management team.
• Assesses, streamlines and develops comprehensive Vulnerability Management and Security programs.
• Prioritizes vulnerabilities for remediation action and collaborates with appropriate team members across the organization to implement.
• Uses technologies such as Nexpose, Qualys, TripWire, Tanium, Veracode, Whitehat or similar technologies.
• Contributes to the ongoing enhancement of the company’s security assessment capabilities through the development and implementation of improved methodology, processes, infrastructure, tools and deliverables.
Education and experience
• Bachelor’s Degree IT or related field 7+ years of security experience.
• Demonstrated success in leading or managing technical personnel.
• Strong leadership, change agent and influencing skills.
• Demonstrated success in leading or managing technical personnel. Strong leadership, change agent and influencing skills.
• Master’s Degree IT or other technical related field.
• Strong ability to articulate business risks of technical issues to non-technical personnel.
• Knowledge of core Information Security concepts related to Threat and Vulnerability Management.
• Strong analytical skills/problem solving/conceptual thinking.
• Broad knowledge of infrastructure (network and servers), services and security policies.
• Demonstrated ability to work in a team environment.
• Ability to act independently and exercise good judgment as well as the ability to work cross-functionally and create virtual teams is essential.
• Ability to prioritize and manage multiple tasks.
• Knowledge of retail regulatory scope (PCI, SOX, etc.).
• Information Security certification, one or more of the following (CISSP, CISM, CISA or CRISC) or relevant certifications.
Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.