Senior Information Security Analyst - Reporting And Analytics

HEB is a leading innovator in technology, and our Digital Technology Team collaborates to design, construct, implement, and support solutions across the enterprise.

As a Senior Information Security Analyst, you'll collaborate with key H-E-B Partners on security programs used to implement corporate standards, procedures, and guidelines to align with various compliance and risk requirements.  You will also support Risk Management through data analysis, requirements documentation, and reporting & visualization.

Once you're eligible, you'll become an Owner in the company, so we're looking for commitment, hard work, and focus on quality and Customer service. "Partner- owned" means our most important resources-People-drive the innovation, growth, and success that make H-E-B The Greatest Omnichannel Retailing Company.

Do you have a:

HEART FOR PEOPLE... skills to present complex technical and security-related info so it's easily understood by many?

HEAD FOR BUSINESS... ability to maintain / gain new technical knowledge?

PASSION FOR RESULTS... drive to advise on development / acquisition projects to ensure the best security-related outcomes?

We are looking for:

• 5+ years of experience as a full-time Information Security professional
• Data Analysis & Visualization experience
• Professional security certification

What is the work?

Management:

• Develops security configuration and operations standards for security systems and applications, including policy assessment / compliance tools, network security appliances, and host-based security systems
• Recommends / develops / implements / trains on / interprets Info Security control patterns, designs, procedures, policies, guidelines, and standards, including the IS awareness program
• Collaborates with business leaders to develop solutions that balance security / business needs
• Generates / maintains administrative documentation (e.g., architecture diagrams and admin manuals, and operational procedures and processes)
• Assists Project Managers in developing project plans, specifying goals, strategy, scheduling, identification of risks, contingency plans, allotment of resources for each project phase
• Monitors / drives project results against technical specifications

Security / Administration:

• Responds to Information Security requests, incidents, and trouble tickets according to defined SLA
• Conducts periodic security controls testing (e.g., penetration tests, vulnerability analysis)
• Leads incident response teams; performs forensic / investigation services
• Participates in disaster recovery and business continuity efforts
• Develops security processes / procedures; supports SLAs to ensure security controls are managed and maintained
• Plays advisory role in application development and acquisition projects to assess security requirements and controls; ensures security controls are implemented as planned
• Reports to H-E-B management on residual risk, vulnerabilities, other security exposures, including misuse of information assets and noncompliance
• Works with Information Security leadership to develop strategies and plans to enforce security requirements and address identified risks
• Maintains job knowledge; participates in educational opportunities and professional organizations; stays current on professional publications; maintains personal networks

Analytics:

• Provides monthly, quarterly, and ad-hoc strategic / operational risk Reporting and Analytics for trending, risk assessment, compliance, and active exception reporting
• Determines security requirements by evaluating business strategies / needs; researches Information Security standards; conducts system security and vulnerability analyses and risk assessments
• Researches/ evaluates / recommends Information Security-related hardware and software; develops business cases for security investments
• Develops solutions by analyzing information requirements, determining systems architecture, components, and technologies, and by studying business operations and user-interface requirements
• Collaborates with data and process owners and stakeholders to document more complex business processes and detailed requirements
• Applies understanding of risk reporting & metrics vision; assists in coordinating efforts with a cross-functional team
• Assists in building out project roadmaps
• Use metrics to measure, monitor and report on the effectiveness and efficiency of Information Security controls and compliance with Information Security policies.
• Serves as cross functional data SME; maps business process to systems and data to support Visualization
• Collaborates with Data Engineers to translate requirements into solutions
• Explores / profiles new data sets to understand scenarios and anomalies
• Accesses / organizes data; builds out analyses to propose solutions for business problems
• Utilize ETL tools to transform and blend data from disparate data sources
• Create reports, build dashboards & data visualizations using a variety of different data tools
• Create accurate charts, tables, and graphs in the correct format and within established time frames as required. Select and use appropriate software to effectively analyze data. Compile and analyze information
• Create and/or update metrics program process documentation as needed
• Review data for quality, accuracy, and trending and troubleshoot any errors in reporting or extracting
• Creates reports and visualization as part of data exploration and analysis
• Performs / may lead quality assurance / user acceptance testing for Data Solution or Report Development solutions
• Leads ongoing team support for reporting/dashboarding built by Governance, Risk, and Compliance
• Develop highly complex data extracts and ensure requirements are developed in accordance with specified business and technical requirements
• Meet with internal stakeholders, collect requirements, and provide recommendations on Reporting and data visualization best practices
• Develop an understanding of how key metrics are tied to strategic objectives and business outcomes

Auditing / Compliance:

• Manages / coordinates internal and external audits (e.g., PCI, DSS, HIPAA)
• Performs physical site assessments of business partners; provides peer review of work product and deliverables; executes release of information analysis to third- party business partners
• Collaborates with business and IS teams to ensure solutions align with H-E-B's security posture

What is your background?

• A related degree or comparable formal training, certification, or work experience
• 5+ years of experience working full-time as an Information Security Professional
• At least one professional security certification (e.g., CISSP, CISA, CEH, applicable SANs programs) or other industry certifications (e.g., Cisco, MSoft, VMware) (preferred)
• Experience developing info security standardized configuration guides / procedures; performing vulnerability assessments and penetration tests using automated /manual methodologies against infrastructure and applications; scripting languages / code development for task automation (e.g., Python, Perl, Bash, PHP, JavaScript, PowerShell); working with ticketing systems; configuring, deploying, and monitoring enterprise security tools; and working with Security Info & Event Management (SIEM) systems
• Experience in Operations Center or Security Operations Center
• Experience in secure coding standards and application security, cyber supply chain risk management, emerging technology risk management, and threat model development / management
• Experience in project management (creating project plans, budgeting, and resource allocation)

Do you have what it takes to be a fit as a Sr Information Security Analyst at H-E-B?

• Understanding of Top 20 Critical Security Controls for Effective Cyber Defense
• Familiarity with Business Continuity and Disaster Recovery process / procedures / testing, and with retail environments
• Technical expertise in systems administration and security tools
• Strong interpersonal and communication skills
• Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff
• Ability to understand the customer's perspective and tailor solutions according to H-E-B's security posture
• Ability to influence others
• Service-oriented
• Comprehensive SQL knowledge
• Expert data visualization skills
• Strong communication and interpersonal skills
• Ability to extract, explore, and profile data
• Ability to communicate with all levels of stakeholders

• Proficiency in data analysis, report development, and visualization tools (e.g., Tableau, PowerBI, SQL, Python,), familiarity with security tools and technologies (e.g., SIEM, IDS/IPS, vulnerability scanners).
• Alteryx Experience
• Experience developing metrics, dashboards, and automating processes

Can you...

• Function in a fast-paced, retail, office environment
• Travel by car / plane with overnight stays
• Work extended hours, nights, weekends, and rotating shifts; sit for extended periods