Address
Form of workJob Summary
:
The primary purpose of this role is to lead the development, enhancement and ongoing delivery of Information Security risk management tools, processes and reporting. This includes responsibility for creating, executing, and improving risk management processes and procedures with limited direct guidance from more senior-level security associates.
This role solves complex problems while creating and optimizing processes and often takes a lead role in implementing new services and technologies. The individual in this role has a strong understanding of most tools and processes supported by the team, including many of the key integration points with other parts of Technology. He/she works mostly independently and occasionally provides coaching and direction to more junior level associates on the team. The goal of the risk management program is to develop and continually enhance procedures to efficiently assess and manage risk, and oversee implementation of relevant mitigating controls to enhance the Information Security posture. We welcome an innovative individual with an analytic mindset that embraces challenges and offers creative solutions.
Key Responsibilities
:
· Leads in the collection, analysis and continual enhancement of risk metrics to measure and provide visibility to the security posture at Lowe's
· Automate and explore new methodologies to create visualizations and dashboards to enhance management reporting.
· Develops aggregation methodologies to consolidate qualitative and quantitative data points into Key Risk Indicators (KRIs) and Key Process Indicators (KPIs)
· Able to describe key components of complicated concepts clearly to non-experts
· Create new processes as needed to enhance and/or improve reporting & oversight functions.
· Conducts Information Security risk assessments, based on company standards and risk appetite, leveraging demonstrated working knowledge of industry security practices
· Draft assessment reports for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed
· Leads in the collection, analysis and continual enhancement of risk metrics to measure and provide visibility to the security posture at Lowe's
· Develop and manage detailed project plans, taking into consideration resource availability, dependencies, and the work effort required for individual project tasks.
· Builds and grows a network of diverse partnerships, develops an understanding of formal and informal decision-making processes, and leverages knowledge of functional and cross-functional operations to accomplish work objectives
· Manages relationships with security, technology and business stakeholders to identify and communicate security risks and mitigation approaches
· Participate in the creation, execution and improvement of processes and procedures for risk management activities
· Participate in building/maintaining the risk and control library as well as identifying any gaps
· Acts as an advisor and single point of contact to business partner stakeholders and teams advocating security best practices
· Works proactively with the Security compliance function regarding key Information Security risk considerations
Minimum Qualifications
:
· Bachelor's degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)
· 4 years of experience in Information Security
· Intermediate understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)
Preferred Qualifications
:
· IT experience in the retail industry
· Strong analytical skills with high attention to detail and accuracy
· Experience utilizing analytic tools (e.g., Alteryx) and visualization tools (e.g., PowerBI)
· Relevant Information Security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)
· 3 years of experience conducting assessments or technical reviews to analyze risk
About Lowe's
Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 17 million customer transactions a week in the U.S. With total fiscal year 2022 sales of over $97 billion, approximately $92
billion
of sales were generated in the U.S., where Lowe's operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.
Lowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.
Pay Range for CA, CO, HI, NJ, NY, WA: $92,300.00 - $175,400.00 annually Starting rate of pay may vary based on factors including, but not limited to, position offered, location, education, training, and/or experience. For information regarding our benefit programs and eligibility, please visit https://talent.lowes.com/us/en/benefits.
