As Domino's continues to mature its information security program, we recognize the value of an Information Security Analyst as one of the key enablers of such a program.
The position is a critical member of the Information Security team. The role will report directly to the Information Security Governance, Risk & Compliance Manager and will work closely with other team members in the GRC team and the broader Infosec team. The role is also expected to establish strong working relationships with various Domino's team members.
The position will play an integral role in Domino's Governance, Risk and Compliance (GRC) program and is expected to collaborate in a positive manner with other functions within the Domino's Technology department and other Domino's business units.
The candidate is expected to have proven knowledge and experience in information security, IT compliance (focusing on PCI and SOX), IT risks and controls, privacy (CCPA and GDPR), and business operations.
Responsibilities and Duties
- Execute and/or assist with security compliance processes and/or assessments (e.g. PCI DSS, Sarbanes-Oxley (SOX), CIS, NIST).
- Collaborate with key stakeholders outside of GRC to ensure that regular compliance activities (e.g. vulnerability scans, user access reviews, narrative updates) are kept on track to comply with PCI DSS and SOX requirements.
- Participate in Governance processes to identify security risks and mitigations while providing input on other technical risks.
- Monitor and measure risk, compliance and assurance to assess the effectiveness of security controls. Analyze risk for new or modified applications or systems and confirm that the level of risk is within acceptable limits for each application.
- Work closely with internal and external auditors on SOX, PCI and governance activities.
- Provide support to teams during security events, execute analysis, and provide accurate and timely feedback.
- Present technical information to technical and non-technical audiences.
- Serve as an internal consultant and advisor in own area of expertise (e.g. GRC, PCI, SOX).
- Develop or assist in the development of policies and protocols for governance, compliance and IAM requirements.
- Ensure that remediation plans are in place for deficiencies identified during assessments. Appropriately track remediation timelines and communicate with deficiency owners to ensure timely remediation.
- Collect metrics and trending data to help develop strategic insights. Provide actionable recommendations to stakeholders.
- Create concise and readable reports to summarize potential cybersecurity deficiencies as well as remediation efforts that can be shared with technology leadership. Establish automated processes where possible to maintain real-time dashboards that highlight key metrics.
- Approach responsibilities with a positive attitude to keep team morale and engagement levels high.
Qualifications:
- A bachelor's or master's degree in Computer Science, Information Technology, Business Administration or another related field.
- 3 to 5 years of general information technology work experience (more than 1 year of information security work experience in PCI and/or SOX is preferred for the Infosec Analyst II role).
- Candidate should have exceptional troubleshooting and problem-solving skills.
- Candidate should be able to work in both group settings and independently.
- CISSP, CISA, CISM, CRISC or other relevant certifications are desired but not required.
Required Technical Skills
- Ability to communicate complex information in a clear, concise and organized manner with both technical and non-technical audiences. Demonstrates skill in managing client relationships and expectations while showing a commitment to delivering quality results.
- Ability to apply critical thinking to evaluate information for reliability, validity and relevance.
- Ability to function in a collaborative environment, seeking consultation with analysts and experts to leverage technical expertise. Demonstrates the ability to ask questions of key stakeholders outside of the GRC team.
- Ability to understand the impact of cybersecurity on the organization and how to apply cybersecurity principles to organizational requirements (relevant to confidentiality, integrity and availability).
- Knowledge of Payment Card Industry (PCI) Data Security Standards.
- Knowledge of application firewall concepts and functions (e.g. single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
- Knowledge of Sarbanes-Oxley (SOX) requirements, including IT General Controls, Application Controls and SOD testing.
- General knowledge of industry standard cybersecurity governance frameworks such as the CIS Critical Security Controls and NIST.
- Knowledge of risk management processes, cybersecurity and privacy principles, and cyber threats and vulnerabilities.
- Knowledge of information classification concepts. Knowledge of principles for managing risks related to handling of data and information.
- Knowledge of applicable business processes and operations.
- Knowledge of new and emerging IT and cybersecurity technologies, security issues, risks and vulnerabilities.
Additional Information:
Location: Ann Arbor, MI (Onsite Mon-Thurs, with Friday being flexible)
All your information will be kept confidential according to EEO guidelines.
Remote Work: No
Employment Type: Full-time