Job Details

Senior Analyst, Governance, Risk and Compliance


Date Opened: 03/12/2024

Job Type:

Job Number: 240000UW

Job Description

Role Summary:

Saks Cloud Services is looking for a Senior Analyst, GRC to be a key member of the SCS Information Security organization. We seek a dynamic Senior GRC Analyst who enjoys working on security challenges in a collaborative fashion. This person will be responsible for establishing an Information Security governance framework and implementing security compliance programs with a strong focus on Third Party Risk Assessments (TPRA), Business Continuity Management (BCM), IT Sarbanes-Oxley and Payment Card Industry (PCI-DSS) compliance, and the protection of sensitive data, including the Personally Identifiable Information of employees and customers.

Role Description:

Responsible for creating and rolling out Information Security policies and standards. Responsible for aligning security requirements with business objectives and understanding applicable alignment with security and risk compliance frameworks. Support and manage the enterprise information security controls framework, and work with global stakeholders on corresponding policies, procedures, and standards.

• Be a critical member for assessing controls in ITGC SOX, PCI DSS and technology internal controls programs.

• Must have good knowledge of BCP/DR assessment and processes. Responsible for conducting Business Impact Analysis (BIA) and the annual review of BCP documentation.

• Responsible for conducting security awareness sessions and maintaining the organization's annual compliance.

• Understand Data Privacy (e.g., PII, Personally Identifiable Information) and implement solutions to meet those regulations. Develop necessary capabilities, standards, and services, in partnership with Marketing, Product, and Technology departments, to protect sensitive information effectively.

• Engage with business units to identify risks and track the implementation of risk mitigation plans. Assess risk management tools, techniques, and procedures to enhance risk management capabilities throughout the enterprise.

• Support the development of metrics for the Information Security risk management reporting dashboard, including the status of the security governance, risk remediation, and audit compliance efforts.

• Assist in the implementation of governance and risk management solutions to automate processes and workflows.

• Represent the information security program during contract negotiations. Participate in and support Third-Party Risk Assessment activities of prospective and existing vendors.

Key Qualifications:

• Minimum of 5 years' experience in an Information Security Governance, Risk and Compliance role, preferably in the retail sector.

• Expertise in Information Security Governance, Risk and Compliance is required.

• Expertise in IT SOX, ITGC, Technology Risk, Internal Controls.

• Experience with information security controls frameworks (NIST 800-53, ISO27001, PCI-DSS).

• Experience executing information security risk assessment methodologies and familiarization.

• Experienced in assessing security risks in modern cloud Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) technologies.

• Experienced with evaluating and validating controls around the full technology stack from application, operating system, database, and networking layers.

• Expertise in technical and business environment, familiarity with security standards, experience with business continuity, disaster recovery, auditing, risk management, vulnerability assessments, and cyber-security and incident management.

• Ability to work closely with people at all levels of the organization and facilitate the implementation of corrective action as needed.

• Ability and desire to lead projects, with good presentation skills.

• Ability to analyze, communicate, and articulate risk, governance, and compliance trends and program requirements.

• Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.

• Bachelor's or master's degree in Computer Science, Information/Cyber Security, and/or Information Systems.

Preferred Qualifications (nice to haves):

• Certification of ISO 27001, ISO 22301, PCI DSS, CISA, CISSP

• Knowledge of Retail Business

Job Qualifications

Thank you for your interest with HBC. We look forward to reviewing your application.


HBC provides equal employment opportunities (EEO) to all employees and applicants for employment.