Security Analyst II

Job Description

The Information Security team is looking for people who deeply understand information security and are dissatisfied with state of the art. We are building a team of people who are pragmatic and visionary at the same time: who can take strong executive support and a strategic commitment to transformation and run with that to build something better and smarter. We are looking for those agents of change, people willing and able to leave a mark not just on a Fortune500 company, but on an entire industry.

Sr. Analyst (Information Security Compliance) plays an integral part in coordinating the development, implementation, and compliance of information risk management controls. Includes working with control owners to ensure compliance with SOX and PCI audits, as well as working with IT teams to remediate Internal Audit findings. The analyst is responsible for managing risks and ensuring control activities and processes are in place related to the use of information technology, information security, privacy, regulatory compliance and governance.

This position is 4 days in office, 1 day remote per week, based at our corporate headquarters in Raleigh, North Carolina (North Hills) 

Responsibilities

• Update Risk and Control Matrix
• Conduct gap analysis to authoritative control frameworks including SOX, PCI and NIST
• Maintain Policies and Standards for the Cybersecurity functions
• Conduct annual risk assessments to help prioritize necessary process changes
• Assess design and operating effectiveness of IT controls
• Establish and maintain key metrics to evaluate compliance program
• Monitoring and reporting of ITGCs including SOX and PCI related controls
• Manage understanding of risk tolerance and risk exposure across the organization and be able to communicate to responsible team members
• Understand voice of the customer and proactively evaluate current or emerging consumer technologies so that policy can align with business needs
• Partner with technology and business groups to assess, implement, and monitor IT- related security risks and controls
• Advise business-led technology projects on IT risk awareness and standards compliance
• Effectively utilize the AAPs standard requirements process.
• Ensure requirements are in line with the business vision and the solution meets the requirements.
• Mentor business partners and IT team in requirements processes
• Maintain a working knowledge of the business area.
• Collaborate with system owners in achieving and maintaining User Access Reviews (UAR) compliance.
• Collect and submit accurate UAR from various system control owners in a timely manner. Train and support system owners on their roles/responsibilities in the UAR process.
• Collaborate with audit teams in submitting UAR compliance evidence, objective requirements, and remediation efforts.
• Processes improvement mindset to increase efficiency and effectiveness of controls while working to reduce business impact

We are seeking the following qualifications:

• Bachelor's degree in Computer Science or equivalent experience
• 5+ years’ experience in governance risk and compliance or  related areas
• Any industry recognized security certification is preferred (CISA, CISSP, etc)
• Strong communication and collaboration skills and experience interacting at all levels throughout IT/business teams and working within large, matrixed organizations
• Able to work independently with strong critical thinking, decision making, troubleshooting and problem-solving skills

California Residents click below for Privacy Notice:

Https://Jobs.Advanceautoparts.Com/Us/En/Disclosures