Dollar General INFORMATION SECURITY ANALYST SR., RISK & COMPLIANCE in GOODLETTSVILLE, Tennessee
At Dollar General, our customer is at the center of everything we do! We are a fast-moving Fortune 200 publicly-traded company with more than 14,000 stores and 14 distribution centers in 44 states, growing by hundreds of stores each year. We work in an energetic atmosphere that embraces innovation and teamwork. At Dollar General, you can see a clear and fast path to career growth and success. We are committed to attracting talented and motivated people who can advance our mission of "Serving Others." Let's Grow Together!
Job Title: Information Security Analyst Sr. - Risk and Compliance
Department: IT Security
Reports to: Information Security Sr. Manager
Responsible for working with the information security management team to administer the Company’s information security programs; maintain Sarbanes-Oxley, HIPAA, and PCI DSS compliance programs; and support a variety of security systems and applications. Recommends, designs, implements, and administers information security controls that meet dynamic tactical and strategic information security objectives.
Duties and Responsibilities:
Maintains knowledge of current and emerging security, compliance, and technical developments. Identifies current and potential future vulnerabilities. Collaborates with others to identify, recommend, and develop risk remediation plans. Tracks remediation plans, outcomes and timelines.
Performs internal security risk assessments, security risk assessments of third-party business partners, and detailed security risk assessments of various technologies. Examples include: directory services, database platforms, client and server operating systems, programming languages, web services, firewalls, remote access technologies, messaging platforms, encryption solutions, wireless technologies, internally-hosted applications, externally-hosted applications, cloud services, etc.
Works with the information security management team to administer, maintain, and continuously improve SOX, HIPAA, PCI DSS, and internal controls compliance programs, investigate known or suspected security incidents, support internal and external audits, and assist in the development and implementation of audit response Management Action Plans.
Uses project management best practices to initiate, manage, and close projects, often simultaneously across a variety of projects. Creates and maintains documents related to projects and information security.
Promotes security best practices via awareness, example, and compliance with policies and regulatory requirements.
Knowledge, Skills, and Abilities:
Familiarity with, and ability to apply, time-proven, generally accepted information security methodologies, concepts, and techniques.
Strong understanding of current and developing security technologies and trends.
Strong, effective written and oral communication skills that enable effective communication with multiple audiences.
Strong ability to organize and prioritize tasks.
Strong understanding of pragmatic implementation of information security controls, holistic defense-in-depth strategies, and protocols used to interconnect networks and publish application resources.
Strong understanding of patch management and security configuration of enterprise technology systems.
Strong understanding of PCI, HIPAA, and SOX regulatory requirements.
Development/analysis proficiency in one or more scripting languages.
Ability to learn and retain skills required to adapt to evolving business and technical needs.
Ability to appropriately influence and motivate others.
Ability to occasionally work during non-standard shifts, in an on-call capacity, and be available for occasional travel (up to 5%).
Work Experience and/or Education:
College degree or equivalent experience in information security with a minimum of five years of information security experience. Active CISSP, CISA, or CISM certification preferred.
Hands-on experience with use and administration of three or more of the following technologies: vulnerability scanning tools; advanced endpoint security; security information and event management (SIEM); data loss prevention (DLP); privileged user management (PUM); and governance risk and compliance (GRC).
Experience identifying and addressing security risks associated with host and network operating systems; enterprise services (e.g. directory services, email, content management and collaboration, web publishing, database, network routing and switching, and virtualization); client-server, thin-client, and web-based applications; enterprise applications (e.g. ERP); cloud services; and storage platforms.
Requisition ID: 2018-160697
External Company URL: http://www.dollargeneral.com