Lead, Security Analysis; IT Risk Management

Position: Lead, Security Analysis (IT Risk Management)

Lead, Security Analysis (IT Risk Management)

Ross Stores, Inc. invites applications for the Lead, Security Analysis (IT Risk Management) role. This senior member of our Cybersecurity Risk Management group leads and executes third‑party security risk management, governance processes, and related projects across the organization.

General Purpose

Lead and execute third‑party security risk management and governance processes. Perform risk assessments, track mitigation efforts, develop risk metrics and reports, and manage security‑related projects such as third‑party risk assessments, insider threat management, policy updates, and security awareness programs for corporate and overseas offices.

Essential Functions

• Provide subject‑matter expertise in all aspects of risk management, performing risk assessments to proactively identify security issues/vulnerabilities and recommend remediation strategies.
• Lead third‑party risk management programs by establishing improvements and supporting processes across the enterprise.
• Implement improvements to enhance the Cybersecurity Risk Management program through process optimization, solutions, policies, procedures, KPIs, and other techniques.
• Perform third‑party risk management and reviews of contracts and agreements to ensure necessary security controls are included.
• Develop standards to support vendor selection and RFP processes, and participate in product and vendor selection to provide information security risk and compliance expertise.
• Maintain a risk register, develop Cybersecurity Risk Management metrics and reports, and collaborate with Compliance Manager, Secure SDLC Manager, Information Security, and IT groups.
• Lead information security awareness programs by conducting regular exercises to educate employees on information security and best practices.
• Monitor current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.

Competencies

• People
  :
  Building Effective Teams, Developing Talent, Collaboration
• Self
  :
  Leading by Example, Communicating Effectively, Ensuring Accountability and Execution, Managing Conflict
• Business
  :
  Business Acumen, Planning, Aligning and Prioritizing, Organizational Agility
• Technical Competence and Expertise, Analysis / Judgment, Communication, Customer Service

Qualifications And Special Skills Required

• Five years of experience within Information Technology with at least three in Security and/or Risk Management.
• Bachelor’s degree preferred or equivalent combination of education and relevant experience.
• Strong understanding of security governance, compliance, and risk management principles.
• Proficiency in Microsoft Word, Excel, and PowerPoint.
• Excellent analytical, organizational, and communication skills.
• Strong project‑management skills.

Preferred Qualifications

• CISSP (Certified Information Systems Security Professional)
• CRISC (Certified in Risk and Information Systems Control)
• Working knowledge of UNIX and Windows
• Experience with firewalls, VPN, PKI, IPS, Oracle, MS SQL
• Virtualization security, software programming skills

Physical Requirements / ADA

Job requires ability to work in an office environment, primarily on a computer. Requires sitting, standing, walking, hearing, talking on the phone, attending in‑person meetings, typing, and working with paper/files. Consistent timeliness and regular attendance are required. Vision: ability to see information in print and/or electronically. This role requires regular in‑office presence, but may utilize a combination of in‑office and remote work.

Supervisory

Responsibilities

N/A

Disclaimer

This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all‑inclusive listing of duties and responsibilities. Contents are subject to change at management's discretion.

Equal Employment Opportunity

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities, and experience. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, disability, sex, veteran status, marital status, medical condition, genetic information, gender identity, sexual orientation, and other protected categories.

Seniority level

Mid‑Senior level

Employment type

Full‑time

Job function

• Research, Analyst, and Information Technology
• Industries:
  Retail

Base Salary Range

$119,900 – $204,550 (dependent on experience, skills, qualifications, education, certifications, seniority, and location). Additional rewards vary by position and location.

#J-18808-Ljbffr