Manages the execution of basic security initiatives by prioritizing critical issues for root-cause analysis; ensuring resolution of critical issues; monitoring progress versus plan; escalating complex or difficult issues; utilizing scope-change orders to track changes to the project; minimizing impact of changes (for example, scope, schedule, costs); tracking expenditures and budgets; providing informational presentations; managing stakeholder expectations; holding self and project team accountable for project delivery; developing performance reports; and collaborating with stakeholders to assess costs and establish the return on investment (ROI).
Monitors, analyzes, and remediates information technology (IT) security risks and vulnerabilities by adhering to defined operating procedures; reviewing metrics to identify outliers, inefficiencies, and non-standard actions associated with operational processes and reporting the findings; identifying improvement opportunities and providing feedback to senior team members and management; and participating in meetings for any initiatives or tasks that will alter current processes.
Coordinates compliance efforts in one area of regulatory specialty by monitoring the implementation of specific information security controls; ensuring proficiency with regulatory concepts (for example, International Organization for Standardization (ISO), Sarbanes-Oxley Act (SOX), Payment Card industry Data Security Standard (PCI), Health Insurance Portability and Accountability Act (HIPAA)); maintaining an understanding of multiple areas of compliance; managing multiple compliance assessments and remediation processes; identifying security compliance assessment and remediation process improvement; defining and/or implementing solutions to assess compliance and reduce risk; and presenting results and analysis of assessment and remediation activity to senior management.
Manages the implementation of security governance by leading the process of governance administration and maintenance; ensuring familiarity with Walmart information security policies, standards, procedures, and best practices; modeling various governance concepts (for example, Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technologies (COBIT), Six Sigma, Cybersecurity Capability Maturity Model (CMM)); developing recommended remediation for gaps in security governance and policies through collaboration and consensus building; comparing and contrasting Walmart practices and industry standards; reviewing governance standards for overlap and inconsistencies with operational, security, and management practices; and maintaining familiarity with legislative process and pending legislation.
Analyzes and identifies risk by understanding basic factors that influence impact and likelihood of identified risk; building working knowledge and relationship between risk and governance; building expertise in risk analysis in multiple layers of security specialty (for example, physical, governance, technical); developing risk mitigation strategies for identified vulnerabilities; representing risk in multiple areas or domains; defining risks based on criticality, frequency, or level of impacts; and reporting risk observations to senior management.
Builds vendor relations by preparing and executing request for proposals (RFPs); facilitating the vendor selection process; reviewing statements of work; ensuring compliance with vendor contracts; and reporting on vendor contract execution.
Minimum Qualifications...Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications.
Minimum Qualifications: Bachelor’s degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or risk related field and 6 years' experience in information technology or risk related field within the last 10 years OR 8 years' experience in information technology or risk related field within the last 10 years.
Preferred Qualifications...Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications.
Auditing, Building, developing, and implementing quality programs/systems, Consumer Software Development, Consumer Software Development - Mobile, Information Security, Information Technology, Investigations, New Business Integration, PCI or Sox Compliance, Presenting to an executive-level audience, Risk Management, Systems Integration, Technical Strategy, Working on cross-functional teams or projects
CISA - Certified Information Systems Auditor - Certification, CISSP - Certified Information Systems Security Professional - Certification