Job Details
Location:
1000, Lowes Boulevard, Mooresville, Iredell County, North Carolina, 28117, USA
Posted:
Dec 29, 2019
Job Description
The primary purpose of the Security Analyst II – Third Party Risk is to conduct third party information security risk assessments. This includes responsibility for ensuring that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals and assessing the effectiveness of security controls for data connections to the Lowe’s environment.
RESPONSIBILITY STATEMENT
- Maintains an understanding of security-related IT controls and various testing methods utilized to discover the effectiveness of those controls
- Works in a team responsible for verifying and validating security compliance against corporate standards, regulatory and other industry defined policies
- Provides vulnerability assessments, gap analysis, risk analysis, and coordinates other discrete security testing as required for the given platform, application, or environment, including penetration testing and code and architectural reviews
- Demonstrates the ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
- Possesses knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Demonstrates knowledge of cybersecurity and privacy principles
- Demonstrates knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data
- Demonstrates knowledge of NIST 800-53 controls and the Cybersecurity Framework (CSF 1.1)
REQUIRED EDUCATION/ EXPERIENCE
- H.S. Diploma in General Studies with 6+ years of experience OR Bachelor's Degree in Computer Science or related field with 4 years of experience
- 2+ years of experience as a Security Analyst or equivalent
- Analytical/problem-solving skills. Ability to communicate effectively with both technical and non-technical personnel. Knowledge of infrastructure (networks and servers), services and security policies. Ability to work in a team environment
PREFERRED EDUCATION/ EXPERIENCE
- Bachelor's Degree in Computer Science or related field with 4 years of experience
- Familiar with networks and data analysis
- Familiar with IT infrastructure design and documentation
- Familiar with network and system architectures
- Familiar with incident response methodologies
- 'Retail' industry experience in an Information Technology related area
- One or more of the following Information Security certifications: CISSP, CISM, CISA, CRISC