Risk Analyst Information Technology (IT) - Chesapeake, VA at Geebo

Risk Analyst

The Risk Analyst is a key role within the Dollar Tree/Family Dollar organization, reporting into the Manager of Security, and is responsible for ensuring the security of sensitive data and systems.
This position places a strong emphasis on vulnerability management, NIST Cybersecurity Framework (CSF) compliance, third-party risk management, and PCI-DSS.
This position will assist the organization in ensuring that security standards are met, vulnerabilities are mitigated, PCI regulatory requirements are complied with, and third-party relationships are secure.
The Information Security Risk Analyst is responsible for identifying, assessing, and mitigating security risks to safeguard the organization's data, systems, and infrastructure.
They play a vital role in maintaining the security posture of the organization and ensuring compliance with security standards and regulations.
Location: Hybrid position located in Dallas, TX or Chesapeake, VA.
Principal Duties and Responsibilities:
PCI-DSS and QSA Experience:
Utilize QSA certification and experience to assess PCI-DSS compliance and provide expertise in cardholder data security.
Risk Assessment:
Conduct regular risk assessments to identify and evaluate potential security threats and vulnerabilities.
This involves analyzing systems, applications, and processes to assess their security weaknesses.
Risk Mitigation:
Develop and implement strategies to mitigate identified risks, including recommending security controls, policies, and procedures to protect the organization's assets.
Security Policies and Procedures:
Assist in the development and enforcement of security policies, procedures, and standards to ensure compliance with industry regulations and best practices.
Incident Response:
Participate in the development and maintenance of incident response plans and procedures.
Assist in investigating and responding to security incidents and breaches.
Security Awareness:
Promote security awareness and best practices among employees and stakeholders to reduce the human factor in security vulnerabilities.
Compliance:
Monitor and ensure compliance with relevant security regulations, such as GDPR, PCI-DSS, or industry-specific standards.
Security Metrics and Reporting:
Collect and analyze security data and create reports to inform management about the organization's security posture.
Present findings and recommendations to stakeholders.
Security Tools and Technologies:
Utilize and maintain security tools and technologies such as intrusion detection systems (IDS), security information and event management (SIEM) systems, and vulnerability assessment tools.
Vendor and Third-Party Risk Assessment:
Assess the security posture of third-party vendors and service providers to ensure they meet the organization's security standards.
Security Audits:
Collaborate with internal and external auditors to facilitate security audits and assessments.
Minimum Requirements/Qualifications:
Bachelor's degree in a related field, such as computer science, information technology, or cybersecurity.
A master's degree or relevant certifications (e.g., CISSP, CISM, CISA) can be advantageous.
2 to 5 years of experience focused on PCI-DSS and assessing for compliance with PCI regulatory requirements.
Demonstrated experience in information security and risk analysis is a plus.
Experience in information security or risk analysis depending on the organization's requirements.
Proficiency in security frameworks, compliance standards, and security best practices.
Strong understanding of risk management concepts.
Familiarity with security tools, technologies, and software used for risk assessment, such as vulnerability scanning tools and SIEM systems.
Strong analytical and problem-solving skills to assess risks, identify vulnerabilities, and recommend solutions.
Excellent written and verbal communication skills for reporting and presenting findings to stakeholders.
Ability to collaborate with cross-functional teams and work effectively in a team-oriented environment.
Keen eye for detail to identify and address security vulnerabilities.
Knowledge of ethics and legal considerations in information security to ensure compliance and ethical behavior.
The ability to stay updated on the latest security threats, technologies, and best practices in a constantly evolving field.
Desired Qualifications:
  • CISSP (Certified Information Systems Security Professional)
  • CISA (Certified Information Systems Auditor)
  • CEH (Certified Ethical Hacker)
  • CISM (Certified Information Security Manager)
Recommended Skills:
  • Analytical
  • Assessments
  • Attention To Detail
  • Certified Information Security Manager
  • Certified Information Systems Security Professional
  • Communication
Estimated Salary: $20 to $28 per hour based on qualifications.
