Dollar General

Information Security Analyst SR.

Dollar General, Goodlettsville, Tennessee, United States, 37072

Work Where You Matter

At Dollar General, our mission is Serving Others! We value each and every one of our employees. Whether you are looking to launch a new career in one of our many convenient store locations, distribution centers, store support center or with our private fleet team, we are proud to provide a wide range of career opportunities. We are not just a retail company; we are a company that values the unique strengths and perspectives that each individual brings. Your difference truly makes a difference at Dollar General. How would you like to serve? Join the Dollar General Journey and see how your career can thrive.

Company Overview

Dollar General Corporation has been delivering value to shoppers for more than 80 years. Dollar General helps shoppers save time, save money, every day by offering products that are frequently used and replenished—food, snacks, health and beauty aids, cleaning supplies, basic apparel, housewares, and seasonal items at everyday low prices in convenient neighborhood locations.

Duties & Responsibilities

Perform effective security risk assessments of services, solutions, and vendors, staying current with risk assessment techniques and trends, conducting independent research, identifying risk areas, tracking and maintaining risk information, recommending remediation, drafting comprehensive risk assessment reports, and collaborating with and guiding business owners to manage identified risks.

Support defined company operating principles by analyzing, defining, implementing, and administering efficient business processes related to the information security program; support a variety of security technologies hands‑on, monitor service request queues, provide first‑tier support to internal customers, use project‑management best practices to initiate, manage, and close projects, and create and maintain project and policy documentation.

Analyze current and emerging security best practices and legal/industry regulatory compliance requirements for applicability; stay current with PCI DSS, SOX, HIPAA, GDPR, CCPA and related trends, best practices, and standards.

Administer, maintain, and continuously improve applicable regulatory and internal controls compliance programs; investigate known or suspected security incidents and support internal and external audits.

Participate in meetings, build and maintain strong partnerships with multiple departments, engage in vendor support, and perform other duties as required.

Knowledge, Skills and Abilities (KSAs)

Understanding of pragmatic information security controls and holistic defense‑in‑depth strategies.

Understanding of current and developing information security technologies and trends.

Working knowledge of security frameworks such as NIST, ISO 27001, etc.

Strong written and oral communication skills that enable effective communication to appropriate audiences.

Extreme attention to detail with a cautionary approach.

Ability to learn and retain new skills required to adapt to evolving business and technical environments.

Ability to influence and motivate others.

Ability to occasionally work during non‑standard shifts and in an on‑call capacity, and be available for occasional travel (up to 5%).

Qualifications

Work Experience &/or Education:

College degree or equivalent experience in information security or computer information systems.

Minimum 2‑3 years of information security experience, preferably in the GRC/IRM realm; hands‑on Navex (formerly LockPath) Keylight experience and/or certifications preferred.

Hands‑on experience with GRC/IRM workflow, asset, and process management platforms (e.g., Navex (LockPath) Keylight, RSA Archer, MetricStream, ServiceNow, etc.), common control frameworks (e.g., UCF, Adobe CCF, etc.), and threat intelligence platforms, feeds, and services.

Experience identifying and addressing security risks associated with host and network operating systems (e.g., Windows, Linux, AIX, AS400, PAN OS, Cisco IOS, etc.); enterprise services (e.g., directory services, email, content management and collaboration, web publishing, database, virtualization, etc.); client‑server, thin‑client, and web‑based applications; enterprise applications (e.g., Lawson); cloud services (e.g., SaaS, IaaS, etc.); data storage, security architecture, network communications technologies and protocols, etc.
