Information Security Analyst - Governance, Risk and Compliance (Remote)

About the Role

As Information Security Analyst, you will detect, prevent and respond to information threats and security breaches through technical security programs designed to protect the integrity of the organization's networks, systems, applications and data.

What You'll Do

• Maintain information security policies and coordinate company-wide information security controls
• Conduct information security audits and analyses and regularly drive solutions and actionable deliverables
• Resolve routine security incidents and audits
• Proactively monitor, evaluate and maintain systems and procedures that safeguard internal information systems, networks, databases and Web-based security
• Recommend and implement changes to enhance systems security and prevent unauthorized access
• Educate and communicate security requirements and procedures to users
• Monitor and research new and emerging threats and stay current on information security websites
• Interpret vulnerability scan data to prioritize risks
• Assist in software, hardware and service evaluations, security audits, security risk assessments and the administration of compliance with regulations and privacy laws
• Additional tasks may be assigned

• Demonstrate knowledge of compliance program initiatives, including control requirements and associated risks, and how Kohl's meets them
• Document security issues, including identifying risks and working with issue owners to define and validate remediation plans
• Support security awareness programs, including preparation of materials, education of associates and program performance monitoring
• Support third-party vendor security risk management program and life cycle
• Perform application access reviews to support identity governance program and compliance requirements
• Serve as a subject matter expert for Information Security to technical/non-technical management and associates
• Facilitate communication with product teams on remediation prioritization and timelines
• Apply relevant industry trends to product needs
• Identify mitigation strategies for remediation

• Ability to work independently and as part of a product team
• Ability to collect data and derive risk posture
• Understanding of penetration testing, configuration hardening, and vulnerability management
• Knowledge of hacker tactics, techniques and procedures
• Strong interpersonal and communication skills with the ability to interact with technical SMEs and business stakeholders

• Technology security experience
• Data analyst skillset