Lowe's Companies, Inc.

Sr. Analyst, Information Security (Third-Party Risk Management)

Lowe's Companies, Inc., Charlotte, North Carolina, United States, 28245

Your Impact

The Third-Party Risk Senior Analyst is responsible for leading the assessment, monitoring, and mitigation of risks associated with the organization’s third-party relationships. This role will work cross-functionally with cybersecurity, legal, procurement, compliance, and business stakeholders to ensure vendors meet the company’s security, privacy, regulatory, and operational resilience standards. The ideal candidate will leverage industry best practices, risk quantification methodologies (e.g., FAIR), AI-driven assessment tools, and threat intelligence to strengthen third-party oversight across the enterprise.

What You Will Do

Conduct Risk Assessments

Evaluate third parties (vendors, partners, suppliers) for information security and operational risks.

Review Security Documentation

Analyze SOC reports, ISO certifications, SIG questionnaires, and other compliance materials.

Monitor Risk Posture

Continuously monitor third-party performance and security standing using internal tools and threat intelligence platforms.

Perform Due Diligence

Support onboarding and periodic reviews of third parties to ensure compliance with regulatory and company standards.

Collaborate Across Teams

Work closely with procurement, legal, InfoSec, and compliance to assess and manage vendor risk throughout the lifecycle.

Maintain Risk Inventory

Track and maintain an accurate inventory of third parties and associated risks.

Support Risk Remediation

Identify gaps and work with internal stakeholders and vendors to remediate control deficiencies.

Report on Risk Metrics

Create dashboards and reports to communicate risk findings, trends, and remediation status to leadership.

Stay Current on Threat Landscape

Research emerging threats (cybersecurity, geopolitical, regulatory) that may impact third-party relationships.

Assist in Framework Alignment

Ensure assessments align with risk frameworks (e.g., NIST, ISO, FAIR, SIG) and regulatory requirements (e.g., GDPR, CCPA).

Minimum Qualifications

4 years of experience in information security or equivalent military experience.

Preferred Skills/Education

Bachelor’s Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work experience in a related field)

IT experience in the retail industry

Experience with Open-Source Intelligence (OSINT) tools and investigations

Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management

Experience conducting information security risk assessments of vendors and vendor software

Hands-on experience with GRC applications and TPRM tools like Archer, LogicGate, SAP GRC, OneTrust, ProcessUnity, ServiceNow, BitSight, Prevalent, Black Kite, etc.

Retail business experience

Experience with open-source tools

Experience with Vulnerability Management in Public/Hybrid cloud environments

Understanding of Secure Software Lifecycle Development

Relevant information security certifications (CISSP, CISM, CISA, CRISC, CTPRP, CTPRA, Security+, etc.)

Where You’ll Be

Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support. Lowe’s supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub. Most business meetings are planned around the Eastern time zone.

Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.
