Cybersecurity Analyst I

Location: Ann Arbor MI 

Compensation: 65-71k

As Dominos continues to mature the cybersecurity program we recognize the value of a Cybersecurity Analyst as one of the key enablers of such a program.

The position is a critical member of the Cybersecurity team. The role will report directly to the Cybersecurity Team Leader and will work closely with other Team Members in the GRC team and broader Infosec team. The role is also expected to establish a strong working relationship with various Dominos team members.

The position will play an integral role in Dominos Governance Risk and Compliance (GRC) program with a primary focus on performing risk reviews of new and current vendors used in the organization.  The role is expected to collaborate in a positive manner with other functions within the Dominos Technology department other Dominos business units and Dominos franchisees.

The candidate is expected to have proven knowledge and experience in cybersecurity IT risks and controls third-party vendor risk and business operations.

Responsibilities and Duties

• Evaluate cybersecurity and privacy assessments to ensure vendor compliance with best security practices and organizational standards using a variety of security frameworks (e.g. ISO 27001 CIS NIST PCI-DSS Sarbanes-Oxley).
• Ensure new vendors meet security requirements by investigating and verifying the vendors scope of work technologies cybersecurity standards MFA enforcement penetration test results external audit reports and access privileges in identity management systems.
• Maintain an updated risk register within the vendor management system showing vendor information scope of work stakeholders and associated cyber legal or operational risks.
• Issue a formal risk report on security gaps and vendor risks for Executive stakeholders on a quarterly basis and provide frequent updates on remediation efforts.
• Assist in the development of AI Governance for the organization to identify security risks and mitigations.
• Collaborate with procurement and legal teams to confirm security clauses in contracts (e.g. breach notification data handling) and ensure adherence to organizational cybersecurity policies
• Present to Franchisees on Cybersecurity best practices related to vendor relationships and respond in a timely manner to Franchisee vendor requests.
• Provide support to teams during security events (e.g. ransomware attacks or other security incidents) for third parties execute analysis and document vendor remediation efforts post-incident.
• Present technical information to technical and nontechnical audiences to explain vendor technologies and risks in detail.
• Provide actionable recommendations to stakeholders concerning third-party technologies to increase efficiency and promote cost savings throughout the organization.

Qualifications :

• A bachelors or masters degree in Computer Science Information Technology Business Administration or other related field.
• 1 to 2 years of general information technology work experience. More than 1 year of information security work experience in IT risks and controls (e.g. PCI and/or SOX) is preferred for Infosec Analyst I role.
• Candidate should have exceptional troubleshooting and problem-solving skills.
• Candidate should be able to work in both group settings and independently.
• CISSP CISA CISM CRISC or other relevant certifications are desired but not required.

Required Core Competencies

The team member in this role is expected to possess the relevant competencies:

• Follows through on commitments acts with integrity and takes personal responsibility for decisions actions and failures establishes clear responsibilities and processes for monitoring work and measuring results.
• Assumes positive intent of others works cooperatively with others across the organization to achieve shared objectives represents own interests well while being fair to others and their areas partners with others to get work done credits others for their contributions and accomplishments gains trust and support of others.
• Shows personal commitment and acts to continuously improve accepts assignments that broaden capabilities demonstrates curiosity and openness to differences new ideas and thinking demonstrates vulnerability including a willingness to ask for help or acknowledge mistakes.
• Gains insight into customer needs identifies opportunities that benefit the customer builds and delivers solutions that meet customer expectations establishes and maintains effective customer relationships.
• Promotes information sharing collaboration and transparency.
• Approach responsibilities with a positive attitude to keep team morale and engagement levels high.
• Aligns to and supports leadership strategic directives and contributes to teams objectives.

Required Technical Skills

• Ability to communicate complex information in a clear concise and organized manner with both technical and nontechnical audiences. Demonstrates skill in managing client relationships and expectations while showing a commitment to delivering quality results.
• Ability to apply critical thinking to evaluate information for reliability validity and relevance.
• Ability to function in a collaborative environment seeking consultation with analysts and experts to leverage technical expertise. Demonstrates ability to ask questions to key stakeholders outside of the GRC team.
• Ability to understand cyber security impact to the organization and how to apply cybersecurity principles to organizational requirements (relevant to confidentiality integrity availability).
• Knowledge of IT risks and controls.
• Knowledge of Sarbanes-Oxley (SOX) requirements including IT General Controls Application Controls and SOD testing.
• General knowledge of industry standard cybersecurity governance frameworks such as the CIS Critical Security Controls and NIST Cybersecurity Framework. 
• Knowledge of risk management processes cybersecurity and privacy principles and cyber threats and vulnerabilities.
• Knowledge of information classification concepts. Knowledge of principles for managing risks related to handling of data and information.
• Knowledge of applicable business processes and operations.
• Knowledge of new and emerging IT cybersecurity technologies security issues risks and vulnerabilities.

Additional Information :

All your information will be kept confidential according to EEO guidelines.

Remote Work :

No

Employment Type :

Full-time