Dillard’s is seeking a Security Risk Analyst in Little Rock, Arkansas. The Security Risk Analyst supports the risk identification and management process across all aspects of Information Technology and integration with Third Parties. Responsibilities include assessing the current adequacy of vendor security strategy, threats to the systems, and then calculating the impact of potential adverse events. Audits and assessments must be continual, as the threat profiles change constantly. The Analyst will keep management up to date on the results of the risk assessment and make recommendations for mitigations, or projects, to protect their systems or cover potential losses. The analysis will include a clear description of the risk and its likelihood. Mitigation plans must be developed and presented to management for approval.
Roles and Responsibilities:
- Develop security assessments and attestations when reviewing potential and existing technology solutions.
- Monitor data security profiles in the Dillard’s environments by reviewing security violation reports and investigating security exceptions.
- Update, maintain, and document security controls and provide direct support to internal IT groups.
- Work directly with third parties and other internal departments to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk.
- Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks.
- Maintain knowledge of current technologies in order to effectively evaluate risk.
- Continuously evaluate security, data vulnerability, business continuity and compliance risks.
- Define and document risks and potential impacts along with the statistical probability of such an event. Identify systems affected by the defined risk.
- Research source of breaches in evolving current events.
- Offer security-focused consultative services to vendors and IT departments.
- Negotiate remediation priorities.
- Exhibit ownership, follow through, initiative, awareness and effective communication with IT teams and management.
- Actively participate in and contribute to the Vendor Management Program.
- Authorization to work in the United States without sponsorship
- Ability to work onsite at Corporate Headquarters in Little Rock, AR
- Excellent research and technical writing skills of project plans, spreadsheets, and versioning documents.
- Possess analytical, communication and consulting skills with knowledge of Information Security and related technologies.
- Strong problem solving, decision-making, reporting, communication, and management skills.
- Effective planning, implementation, and negotiation skills.
- Ability to multi-task and track many simultaneous initiatives.
- Ability to work in a fast-paced environment
- Must be tactful, detail oriented, and able to comprehend technical and regulatory requirements.
- Proficient in either Google and/or Microsoft suite.
- Experience testing or auditing technical controls.
- Knowledge of and experience with Payment Card Industry Data Security Standard (PCI DSS) framework, information security and/or privacy recognized certification(s).