Monitors, analyzes, and remediates information technology (IT) security risks and vulnerabilities by adhering to defined operating procedures; reviewing metrics to identify outliers, inefficiencies, and non-standard actions associated with operational processes and reporting the findings; identifying improvement opportunities and providing feedback to senior team members and management; and participating in meetings for any initiatives or tasks that will alter current processes.
Leads business customers through delivery processes in completing paperwork (for example, budgets, staffing plans, change management plans, document of understanding, scope statements, other required artifacts) by meeting with business units to develop delivery plans; creating communication plans for leadership, delivery team, and stakeholders; working with the business unit and delivery team to determine approved delivery parameters; managing the approval process for changes to delivery and/or scope; prioritizing competing demands, organizational changes, and new responsibilities; and collaborating with stakeholders to assess costs and establish the return on investment (ROI).
Maintains vendor relations by preparing and executing requests for proposals (RFPs); facilitating the vendor selection process; reviewing statements of work; ensuring compliance with vendor contracts; and reporting on vendor contract execution.
Provides and supports the implementation of security governance by leading the process of governance administration and maintenance; ensuring familiarity with Walmart information security policies, standards, procedures, and best practices; modeling various governance concepts (for example, Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technologies (COBIT), Six Sigma, Cybersecurity Capability Maturity Model (CMM)); developing recommended remediation for gaps in security governance and policies through collaboration and consensus building; and comparing and contrasting Walmart practices and industry standards.
Analyzes and identifies risk by understanding factors that influence impact and likelihood of identified risk; building working knowledge and relationship between risk and governance; building expertise in risk analysis in multiple layers of security specialty (for example, physical, governance, technical); and developing risk mitigation strategies for identified vulnerabilities.
Coordinates compliance efforts in one area of regulatory specialty by monitoring the implementation of specific information security controls; ensuring familiarity with regulatory concepts (for example, International Organization for Standardization (ISO), Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI), Health Insurance Portability and Accountability Act (HIPAA)); developing an understanding of multiple areas of compliance; managing a compliance assessment and remediation process; and identifying security compliance assessment and remediation process improvement.
Manages the execution of security initiatives by prioritizing critical issues for root-cause analysis; ensuring resolution of critical issues; monitoring progress versus plan; escalating complex or difficult issues; utilizing scope-change orders to track changes to the project; tracking expenditures and budgets; providing informational presentations; managing stakeholder expectations; holding self and project team accountable for project delivery; and developing performance reports.
Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications.
Minimum Qualifications: Bachelor’s degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or risk related field and 4 years' experience in information technology or risk related field within the last 10 years OR 6 years' experience in information technology or risk related field within the last 10 years.
Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications.
Auditing, Compliance, Information Security, Information Technology, Investigations, PCI or SOX Compliance, Risk Analysis, Risk Management
CISA - Certified Information Systems Auditor - Certification, CISSP - Certified Information Systems Security Professional - Certification