Ross Stores
Lead, Security Analysis (IT Risk Management)
Ross Stores, Dublin, California, United States, 94568
Our values start with our people, join a team that values you!
Bring your talents to Ross, our leading off‑price retail chain with over 2,200 stores, and a strong track record of success and growth. Our focus has always been bringing our customers a constant stream of high‑quality brands and on‑trend merchandise at extraordinary savings, all while providing a fun and exciting treasure hunt experience.
As part of our team, you will experience:
Success.
Our winning team pursues excellence while learning and evolving. Career growth.
We develop industry leading talent because Ross grows when our people grow. Teamwork.
We work together to solve the hard problems and find the right solution. Our commitment to Diversity, Equality & Inclusion, and our community.
We celebrate the backgrounds, identities, and ideas of those who work and shop with us because our differences make us stronger. We strive to be a positive force in our community.
Our Corporate headquarters are in Dublin, CA, we have 3 buying offices in key markets in New York City, Los Angeles, and Boston, and 8 distribution centers nationwide. With 2023 revenues of $20.4 billion, we are a Fortune 500 company who is committed to providing an inclusive work environment with continuous learning opportunities and development for our teams.
General Purpose Lead, Security Analysis is the senior member of the Cybersecurity Risk Management group responsible for leading and executing third‑party security risk management and governance processes within the organization. This includes performing risk assessments, tracking mitigation efforts, and developing risk metrics and reports. The position also leads security‑risk related projects and enhances programs, such as third‑party risk assessments, insider threat management, updating security policies and standards, and executing security awareness programs for corporate and overseas offices.
Base salary range: $119,900 – $204,550.
Essential Functions
Provides subject‑matter expertise in all aspects of risk management, including performing risk assessments to identify security issues and recommend remediation strategies.
Leads third‑party risk management programs and establishes supporting processes across the enterprise.
Identifies and implements improvements to enhance the Cybersecurity Risk Management program through process optimization, solutions, policies, procedures, KPIs, and other techniques.
Performs third‑party risk management and reviews contracts to ensure necessary security controls are included.
Develops standards to support vendor selection and the RFP process and participates in product and vendor selection to provide subject‑matter expertise on information security risk and compliance.
Maintains a risk register and develops Cybersecurity Risk Management metrics and reports, collaborating with Compliance Manager, Secure SDLC Manager, Information Security, and IT groups to gather and analyze metrics.
Leads information security awareness programs by conducting exercises to educate employees on best practices.
Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
Competencies
People:
Building Effective Teams, Developing Talent, Collaboration.
Self:
Leading by Example, Communicating Effectively, Ensuring Accountability and Execution, Managing Conflict.
Business:
Business Acumen, Planning, Aligning and Prioritizing, Organizational Agility.
Specific Position‑Related:
Technical Competence and Expertise, Analysis / Judgment, Communication, Customer Service.
Qualifications and Special Skills Required
Five years of experience within Information Technology with at least 3 in Security and/or Risk Management.
Bachelor’s degree preferred or equivalent combination of education and relevant experience.
Strong understanding of security governance, compliance, and risk management principles.
Proficient in Microsoft Word, Excel, and PowerPoint.
Excellent analytical, organizational, and communication skills.
Strong Project Management skills.
Preferred Qualifications
CISSP (Certified Information Systems Security Professional).
CRISC (Certified in Risk and Information Systems Control).
Working knowledge of UNIX and Windows.
Experience with firewalls, VPN, PKI, IPS.
Experience with Oracle and MS SQL.
Virtualization security, software programming skills.
Physical Requirements / ADA Job requires ability to work in an office environment, primarily on a computer. Requires sitting, standing, walking, hearing, talking on the telephone, attending in‑person meetings, typing, and working with paper/files. Requires consistent timeliness and regular attendance. Vision requirements: ability to see information in print and/or electronically.
This role requires regular in‑office presence, including in‑person team interaction, meetings, collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in‑office and remote work.
Supervisory Responsibilities N/A
Disclaimer This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all‑inclusive listing of duties and responsibilities. Contents are subject to change at management’s discretion.
Equal Employment Opportunity Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company’s overall commitment to attract, hire, and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (including pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, and any other category protected by federal, state or local laws.
#J-18808-Ljbffr
Bring your talents to Ross, our leading off‑price retail chain with over 2,200 stores, and a strong track record of success and growth. Our focus has always been bringing our customers a constant stream of high‑quality brands and on‑trend merchandise at extraordinary savings, all while providing a fun and exciting treasure hunt experience.
As part of our team, you will experience:
Success.
Our winning team pursues excellence while learning and evolving. Career growth.
We develop industry leading talent because Ross grows when our people grow. Teamwork.
We work together to solve the hard problems and find the right solution. Our commitment to Diversity, Equality & Inclusion, and our community.
We celebrate the backgrounds, identities, and ideas of those who work and shop with us because our differences make us stronger. We strive to be a positive force in our community.
Our Corporate headquarters are in Dublin, CA, we have 3 buying offices in key markets in New York City, Los Angeles, and Boston, and 8 distribution centers nationwide. With 2023 revenues of $20.4 billion, we are a Fortune 500 company who is committed to providing an inclusive work environment with continuous learning opportunities and development for our teams.
General Purpose Lead, Security Analysis is the senior member of the Cybersecurity Risk Management group responsible for leading and executing third‑party security risk management and governance processes within the organization. This includes performing risk assessments, tracking mitigation efforts, and developing risk metrics and reports. The position also leads security‑risk related projects and enhances programs, such as third‑party risk assessments, insider threat management, updating security policies and standards, and executing security awareness programs for corporate and overseas offices.
Base salary range: $119,900 – $204,550.
Essential Functions
Provides subject‑matter expertise in all aspects of risk management, including performing risk assessments to identify security issues and recommend remediation strategies.
Leads third‑party risk management programs and establishes supporting processes across the enterprise.
Identifies and implements improvements to enhance the Cybersecurity Risk Management program through process optimization, solutions, policies, procedures, KPIs, and other techniques.
Performs third‑party risk management and reviews contracts to ensure necessary security controls are included.
Develops standards to support vendor selection and the RFP process and participates in product and vendor selection to provide subject‑matter expertise on information security risk and compliance.
Maintains a risk register and develops Cybersecurity Risk Management metrics and reports, collaborating with Compliance Manager, Secure SDLC Manager, Information Security, and IT groups to gather and analyze metrics.
Leads information security awareness programs by conducting exercises to educate employees on best practices.
Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
Competencies
People:
Building Effective Teams, Developing Talent, Collaboration.
Self:
Leading by Example, Communicating Effectively, Ensuring Accountability and Execution, Managing Conflict.
Business:
Business Acumen, Planning, Aligning and Prioritizing, Organizational Agility.
Specific Position‑Related:
Technical Competence and Expertise, Analysis / Judgment, Communication, Customer Service.
Qualifications and Special Skills Required
Five years of experience within Information Technology with at least 3 in Security and/or Risk Management.
Bachelor’s degree preferred or equivalent combination of education and relevant experience.
Strong understanding of security governance, compliance, and risk management principles.
Proficient in Microsoft Word, Excel, and PowerPoint.
Excellent analytical, organizational, and communication skills.
Strong Project Management skills.
Preferred Qualifications
CISSP (Certified Information Systems Security Professional).
CRISC (Certified in Risk and Information Systems Control).
Working knowledge of UNIX and Windows.
Experience with firewalls, VPN, PKI, IPS.
Experience with Oracle and MS SQL.
Virtualization security, software programming skills.
Physical Requirements / ADA Job requires ability to work in an office environment, primarily on a computer. Requires sitting, standing, walking, hearing, talking on the telephone, attending in‑person meetings, typing, and working with paper/files. Requires consistent timeliness and regular attendance. Vision requirements: ability to see information in print and/or electronically.
This role requires regular in‑office presence, including in‑person team interaction, meetings, collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in‑office and remote work.
Supervisory Responsibilities N/A
Disclaimer This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all‑inclusive listing of duties and responsibilities. Contents are subject to change at management’s discretion.
Equal Employment Opportunity Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company’s overall commitment to attract, hire, and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (including pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, and any other category protected by federal, state or local laws.
#J-18808-Ljbffr