Security Governance Analyst
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving more than 18 million customers a week in the United States, Canada and Mexico. With fiscal year 2017 sales of $68.6 billion, Lowe’s and its related businesses operate or service more than 2,390 home improvement and hardware stores and employ over 310,000 people. Founded in 1946 and based in Mooresville, N.C., Lowe’s supports the communities it serves through programs that focus on K-12 public education and community improvement projects. For more information, visit Lowes.com.
The Security Governance Analyst III is primarily responsible for overseeing all programs, projects and changes within the organization to determine and categorize the risk of these activities as it pertains to the confidentiality, integrity and availability of information being process, stored or transmitted.
Additionally, you will also be responsible for ensuring that Lowe’s is meeting/exceeding all compliance requirements. To accomplish this, the Security Governance Analyst III must have knowledge of business process security, data security and classification, infrastructure design, authorization and access control security, risk analysis/management, regulatory compliances (PCI, SOX, HIPAA, etc.), network design and security, vulnerability assessments and mitigation.
The Security Governance, Analyst III works closely with program and project teams to ensure security is thought about in the requirements phase of the program and followed through implementation. We are seeking someone highly motivated that possess strong, hands-on technical knowledge of a wide range of information security/business continuity controls and the process used for evaluating control design and effectiveness.
The Security Governance Analyst III must possess superior written and verbal communication skills including the ability to communicate clearly and concisely to all levels of management (both technical and non-technical) and explain the need for key controls to technical and non-technical resources.
• Analyze complex technical and business requirements from a security perspective and make appropriate recommendations to reduce the overall risk to Lowe’s.
• Communicate effectively across the business regarding security policies and standards and how they align with customers.
• Provide guidance on different regulatory compliance standards and can communicate how they are applicable.
Education and experience:
• Bachelor’s Degree in Computer Science OR related field plus 6+ years of experience or 8+ years of experience in Information Security.
• 4+ years of experience as a Senior Security Analyst or equivalent.
• Strong ability to articulate business risks of technical issues to non-technical personnel.
• Knowledge of core Information Security concepts related to Governance, Risk and compliance.
• Strong analytical /problem-solving skills.
• Broad knowledge of infrastructure (network and servers), services and security policies.
• Demonstrated ability to work in a team environment.
• Ability to act independently and exercise good judgment as well as the ability to work cross-functionally and create virtual teams is essential.
• Ability to prioritize and manage multiple tasks.
• Up to 10% travel is required for this role.
• Demonstrated understanding of internal security controls, assess risks and identify opportunities for improvement.
• Expert knowledge of information security topics, system architecture and Internet technology.
• For requirements, strong analytical skills/problem solving/conceptual thinking.
• Knowledge of Governance, Risk and Compliance process, practices and procedures.
• Knowledge of GRC Applications and tools, like Archer, Keylight, ServiceNow.
• Knowledge of retail regulatory scope (PCI, SOX, GDPR).
• Information Security certification, one or more of the following (CISSP, CISM, CISA or CRISC) or relevant certifications.
Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.