Senior Risk Specialist (IT Audit)
- Location BENTONVILLE, AR
- Career Area Technology & Software Development
- Job Function Cybersecurity
- Employment Type Full Time
- Position Type Salary
- Requisition 952845BR
What you'll do at
Walmart InfoSec is seeking a Senior Risk Specialist (IT Audit) to join our Bentonville, Arkansas team. The InfoSec Assessment Team is responsible for providing assurance that information security directives support business objectives, are consistent with regulatory and industry standards, meet or exceed best practices, and adhere to enterprise policies and internal controls, all in an effort to manage the risk to the enterprise associated with use of its information assets.
The Senior Risk Specialist (IT Audit) provides support by analyzing, monitoring, and assisting with remediation of IT security risks and vulnerabilities using various standards and tools (for example ISO, NIST, COBIT, CMM).
The incumbent will be expected to demonstrate up-to-date expertise and apply it to the development, execution and improvement of processes and action plans. They will also provide advice and guidance to others in the application of related information and best practices, support and align efforts to meet customer and business needs, and build commitment for perspectives and rationales.
• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation procedures utilizing standards-based concepts and capabilities.
• Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
• Knowledge of computer networking concepts and protocols and network security methodologies.
• Knowledge of Cybersecurity and privacy principles.
• Knowledge of business operations and processes.
• Knowledge of evaluation and validation techniques.
• Knowledge of different risk management frameworks.
• Ability to work with people at various levels and in diverse roles (e.g., technical experts, executives).
• Ability to adapt quickly and simultaneously manage many ongoing tasks associated with multiple projects.
• Ability to apply confidentiality, integrity, and availability principles.
• Ability to interface with customers.
• Ability to prepare test and evaluation reports.
• Ability to assess security controls based on Cybersecurity principles and tenets (e.g., ISO 27001/27002, NIST SP 800-53, Cybersecurity Framework, etc.).
• Ability to perform impact/risk assessments.
• Ability to manage client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.
• Ability to prepare and present briefings.
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits.
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence).
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Assess the effectiveness of security controls.
• Verify and update security documentation reflecting the application/system security design features.
• Plan and conduct security reviews.
• Travel up to 30% domestically or internationally.
- Bachelor's degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or risk related field and 2 years' experience in information technology or risk related field within the last 7 years OR 5 years' experience in information technology or risk related field within the last 7 years OR a Master's degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or risk related field.
- 1 year's experience in investigations, audits, or assessments, evidence handling, and document collection and retention consistent with judicial best practices.
- 1 year's experience with current and emerging technologies (for example, mobile, cloud, federation, network, cryptography, firewalls, security technologies, intrusion detection and/or prevention devices, penetration testing, architecture).
- 1 year's experience with payment card industry data security (PCI), International Organization for Standardization (ISO), Health Insurance Portability and Accountability Act (HIPAA), and/or Sarbanes-Oxley Act (SOX) compliance and/or reporting process.
- 1 year's experience with risk frameworks (for example, COBIT, ISO 27005).
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or related certifications.
All the benefits you need for you and your family
- Multiple health plan options
- Vision & dental plans for you & dependents
- Associate discounts in-store and online
- Financial benefits including 401(k), stock purchase plans and more
- Education assistance for Associate and dependents