|Category||Technology||Job type||Full Time|
|Address||1000 Lowes Boulevard|
The primary purpose of this role is to lead the implementation and continuous evolution of information security tools and processes, focusing especially on highly complex security scenarios at the enterprise level. This includes working with security architecture and engineering to help resolve architectural or design deficiencies of new and existing solutions. In addition, this role provides consultation to help ensure security solutions are developed with insight into industry best practices, strategies, and architectures.
This individual has a deep knowledge and understanding of information security and uses this insight to support Technology leadership. This includes offering input into Technology strategy and providing objective information and data to help inform and drive critical Technology decisions through the lens of information security.
This role is expected to be a subject matter expert for all information security domains and help the management team coordinate efforts across teams and initiatives.
To be successful, the individual in this role must have a deep understanding of information security solutions and the unique situations that affect successful implementation and ongoing operation.
Although this role does not manage people directly, the individual in this role spends time developing, training, and reviewing the work of others on the team.
• Provides consultation on business requirements and functional specifications for information security solutions
• Leads activities to assess adherence to the information security processes supported
• Helps with the technical development, configuration, or modification of security solutions and technologies and resolves compliance, operational, architectural, process, or design deficiencies
• Serves as an information security expert for project teams throughout the implementation and maintenance of business and enterprise software solutions
• Offers expertise in troubleshooting complex information security solutions
• Has detailed knowledge of security architecture; determines how to apply security solutions across different areas of the company
• Drives operational excellence practices across organization for information security
• Solves significantly complex or endemic problems in the information security space
• Reviews the development or modification of highly complex, enterprise level information security solutions
• Provides expert insight into best practices for delivering successful validation and testing of highly complex information security solutions
• Provides expert recommendations and input on options, risks, costs, and benefits for information security solution designs and identifies specific interfaces and methods required to support solutions
• Provides input into departmental budget forecasting and allocation decisions
• Mentors and advises others, sharing an in-depth understanding of company and industry methodologies, policies, standards, and controls
• Leads efforts to develop standard operating procedures; identifies and incorporates improvements on procedures based on best practices and industry trends
• Maintains an awareness of information security news and trends
• Facilitates cross-functional (security, technology, business) teams to solve complex problems
• Provides insight and consultation to help ensure new and existing security solutions are developed with insight into industry best practices, strategies, and architectures
• Develops tools or processes to operationalize / improve workflows
• Partners with senior key stakeholders to develop and/or update Information Security documents such as policies, standards, procedures, training
• Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field
• 10 years of experience in information security
• Advanced understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)
• IT experience in the retail industry
• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)
Identity & Access Management
• Experience with IAM technology implementation and operations (e.g., CA, SailPoint, OKTA, SSO, MFA, IGA,
Lowe's is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.