Lead Security Analyst in Charlotte, NC at Vaco

Date Posted: 1/4/2021

Job Description

**U.S. Citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.**

Key Responsibilities:

  • Provides direction and oversight to project teams to design, develop, deploy and sustain solutions that meet PCI DSS requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
  • Works collaboratively across multiple business units to gather documentation for PCI Level-1 Assessments
  • Provides PCI Remediation Consulting
  • Develops and presents Executive presentations and deliverables related to PCI projects
  • Analyzes data to detect trends, make recommendations, and provide reporting; defines reporting requirements for standard reports
  • Leads activities to assess adherence to the information security processes supported
  • Answers questions from associates about the information security processes supported; handles more complex questions/issues elevated from other analysts on the team
  • Designs and facilitates process optimization initiatives
  • Serves as an escalation point and mentor for junior staff for the most complex support problems
  • Maintains process documentation repositories; ensures information is compiled in an organized manner
  • Leads efforts to develop standard operating procedures; identifies and incorporates improvements on procedures based on best practices and industry trends
  • Collaborates with management to determine information security metrics and leads the collection of information security metrics
  • Consolidates security-related findings, tracks KPIs, and presents results to information security and business leaders and/or vendors
  • Translates and documents business needs into technical requirements and solutions
  • Advises users and team members on the execution of complex processes, interprets standards and regulations, and assists with solutions
  • Creates and optimizes frameworks and tools and leads assessments of applications and business processes to help Lowe's integrate security services
  • Provides direction, coaching, and training to more junior level analysts to ensure that they have the knowledge and tools needed and to assist them with complex tasks
  • Mentors and advises others, sharing an in-depth understanding of company and industry methodologies, policies, standards, and controls
  • Facilitates cross-functional (security, technology, business) teams to solve complex problems
  • Provides insight and consultation to help ensure new and existing security solutions are developed with insight into industry best practices, strategies, and architectures
  • Partners with senior key stakeholders to develop and/or update Information Security documents such as policies, standards, procedures, training

Minimum Qualifications:

  • Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field
  • 6 years of experience in information security
  • Advanced understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)

Preferred Qualifications:

  • 3 years of experience developing Cybersecurity or information assurance policies, standards, awareness training, or equivalent issuances (specific to Security Governance, Risk & Compliance role)
  • 3 years of experience conducting assessments or technical reviews to analyze risk (specific to Security Governance, Risk & Compliance role)
  • Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management (specific to Security Governance, Risk & Compliance role)
  • Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPEN) (specific to Security Governance, Risk & Compliance role)
  • Experience conducting information security risk assessments of vendors and vendor software (specific to Security Governance, Risk & Compliance role)