Dollar General Corporation has been delivering value to shoppers for more than 80 years. Dollar General helps shoppers Save time. Save money. Every day.R by offering products that are frequently used and replenished, such as food, snacks, health and beauty aids, cleaning supplies, basic apparel, housewares and seasonal items at everyday low prices in convenient neighborhood locations. Dollar General operates more than 18,000 stores in 47 states, and we're still growing. Learn more about Dollar General at www.dollargeneral.com.
Responsible for (i) working with the information security management team to administer the Company's information security programs, maintain Sarbanes-Oxley (SOX), HIPAA, and PCI DSS compliance programs, and support a variety of systems and applications, (ii) contributing across a variety of IT projects, and (iii) as a team member, recommending, designing, implementing, administering, etc. pragmatic information security controls that meet dynamic tactical and strategic information security objectives. Primary focus is governance, risk, and compliance (-GRC-) / integrated risk management (-IRM-) processes, solutions, and support.
Duties and Responsibilities
Perform effective security risk assessments of services, solutions, and vendors by (i) staying current with security risk assessment techniques and trends, (ii) performing independent research to gather and document security posture information; (iii) identifying areas of risk and evaluating for applicability and severity; (iv) tracking, updating, and centrally maintaining identified risk information; (v) identifying and recommending pragmatic risk remediation options; (vi) drafting comprehensive risk assessment reports, and (vii) collaborating with and providing guidance to business owners to ensure identified risks are managed to risk-appropriate remediation, transference, avoidance, or acceptance outcomes.
Support defined Company operating principles; help analyze, define, implement, and administer efficient business processes related to the information security program; support a variety of security technologies in a hands-on manner; monitor service request queues and provide first tier support to internal customers, owning tickets and driving resolution; use project management best practices to initiate, manage, and close projects; and create and maintain documents related to projects and information security policies, standards, procedures, recommendations, etc.
Analyze current and emerging security best practices, and legal and industry regulatory compliance requirements, for applicability. (Including ESG environmental, social, and governance considerations.) Stay current with associated security and industry trends, best practices, and standards. Examples include PCI DSS, SOX, HIPAA, GDPR, CCPA.
Work with the information security management team to administer, maintain, and continuously improve applicable regulatory and internal controls compliance programs, investigate known or suspected security incidents, and support internal and external audits.
Participate in meetings; build and maintain strong partnerships with multiple departments; participate in vendor support engagements; and other duties as required.
Knowledge, Skills and Abilities
Understanding of pragmatic information security controls and holistic defense-in-depth strategies
Understanding of current and developing industry and information security technologies, risks, and trends
Working knowledge of security frameworks such as SCF, NIST, ISO 27001, etc.
Written and oral communication skills that enable effective communications to appropriate audiences
Extreme attention to detail always leaning toward caution
Ability to learn and retain new skills required to adapt to evolving business and technical environments
Ability to influence and motivate others
Ability to occasionally work during non-standard shifts and in an on-call capacity and be available for occasional travel (up to 5%)
Work and Experience
College degree or equivalent experience in information security or computer information systems.
Minimum 2-3 years of information security experience, preferably in the GRC/IRM realm. Experience interpretating data from multiple sources to quantify potential risk and impact.
Hands-on experience with Integrated Risk Management platforms supporting governance, risk, compliance, and security at an enterprise level. (e.g., OneTrust, RSA Archer, ServiceNow, etc.), common controls frameworks (e.g., Secure Controls Framework, etc.), and threat intelligence platforms, feeds, and services.
Experience identifying and addressing security risks associated with host and network operating systems (e.g. Windows, Linux, AIX, AS400, PAN OS, Cisco IOS, etc.); enterprise services (e.g. directory services, email, content management and collaboration, web publishing, database, virtualization, etc.); client-server, thin-client, and web-based applications; enterprise applications; cloud services (e.g. SaaS, IaaS, etc.); data storage, security architecture, network communications technologies and protocols, etc.
Indeed Job Title: INFORMATION SECURITY ANALYST
Requisition ID: 2023-276498
Street: 100 MISSION RDG
External Company URL: http://www.dollargeneral.com
