IT Analyst, Risk GRC

Dollar Tree Chesapeake, VA 23320

Posted Yesterday

Job Description:

General Summary:

The GRC Analyst is a technical and analytical position within Dollar Tree's IT Security Team focused primarily on issues in Governance, Risk & Compliance (GRC), which includes risk management, vendor management, compliance management, vulnerability management, risk assessments, and security awareness. A successful applicant will be technical in nature with a high aptitude for both written and verbal communication.

The GRC Analyst position will provide timely and quality service to ensure policy, standards, and configurations are adequately maintained, communicated, and compliant with internal and external policies or regulations. This position is responsible for managing, developing, maintaining and communicating company security policies, standards, and configurations in accordance with industry standards and best practices. GRC analysts are expected to have some experience with and knowledge of the tools commonly used in the industry to perform their functions, such as but not limited to: vulnerability and patch management packages, access and authorization tools, data loss prevention tools, third-party management applications, and request-for-service application suites. The GRC Analyst will participate in the evaluation and deployment of security-focused infrastructure as well as provide consultation, architectural review, risk analysis, vulnerability testing and security reviews of many elements of Dollar Tree/Family Dollar systems.

Principal Duties & Responsibilities:

  • Assist/participate/lead in formal risk assessment processes for all departmental and enterprise systems and work closely with system owners to align risks identified with established risk tolerances

  • Provide governance for the identification, audit, validation and remediation of information technology controls required for SOX, PCI DSS, PII, HIPAA and any other applicable regulatory compliance frameworks.

  • Conduct and track information security assessments of third-party vendors to determine their ability to protect data

  • Participate in projects and assessments to establish risk determination and remediation

  • Using industry best practices, use technology-based tools to validate that controls are in place as established

  • Lead the development, update and compliance of corporate information security policies, guidelines and standards

  • Work with technical teams to ensure baseline configurations are kept current and configurations for new technologies are designed and built prior to integration into the company environment

  • Develop the comprehensive information security awareness program and run year-round campaigns. Create communications on behalf of IT Security for awareness activities, initiatives or other required security announcements.

  • Maintain security and compliance metrics that are meaningful and actionable for Sr. Management. Metrics should establish baselines, highlight progress and drive behaviors

  • Coordinate with internal and external audit and compliance groups on improvement of information technology controls

  • Experience with analyzing, evaluating, prioritizing and processing results from security penetration tests or assessments

Position Requirements:

  • Bachelor's degree in business, information systems or computer science or equivalent experience

  • 3-5 years' experience in information technology; preferably in information security compliance/audit/control or related experiences

  • Familiarity with many technology areas across a broad spectrum including networks, infrastructure, cloud and mobile, as well as the concepts of risk management, data compliance, and information security strategy

  • Solid knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.

  • Application development, scripting and database knowledge a plus

  • Demonstrated experience with industry compliance and security standards and frameworks including one or more of: PCI DSS, ISO 27001, HIPAA, CIS Controls and NIST frameworks

  • Effective communication skills enabling the ability to communicate complex information to various audiences both verbally and in writing; Microsoft Office suite proficiency required

  • Strong analytical skills, to analyze security requirements and relate them to appropriate security controls

  • Industry-relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc. a plus

