Information Security Analyst - Governance, Risk and Compliance (Remote)

Join to apply for the Information Security Analyst - Governance, Risk and Compliance (Remote) role at Kohl's.

As an Information Security Analyst, you will detect, prevent, and respond to information threats and security breaches through technical security programs designed to protect the integrity of the organization's networks, systems, applications, and data.

• Maintain information security policies and coordinate company-wide information security controls.
• Conduct information security audits and analyses, and regularly drive solutions and actionable deliverables.
• Resolve routine security incidents and audits.
• Proactively monitor, evaluate, and maintain systems and procedures that safeguard internal information systems, networks, databases, and web-based security.
• Recommend and implement changes to enhance systems security and prevent unauthorized access.
• Educate and communicate security requirements and procedures to users.
• Monitor and research new and emerging threats, staying current on information security websites.
• Interpret vulnerability scan data to prioritize risks.
• Assist in software, hardware, and service evaluations, security audits, risk assessments, and compliance with regulations and privacy laws.
• Additional tasks may be assigned.

• Demonstrate knowledge of compliance initiatives, control requirements, and associated risks, and how Kohl’s meets them.
• Document security issues, identify risks, and work with issue owners on remediation plans.
• Support security awareness programs, including material preparation, education, and performance monitoring.
• Support third-party vendor security risk management programs and lifecycle.
• Perform application access reviews to support identity governance and compliance requirements.
• Serve as a subject matter expert for Information Security to both technical and non-technical management and staff.
• Facilitate communication with product teams on remediation prioritization and timelines.
• Apply industry trends to product needs.
• Identify mitigation strategies for remediation.

• Ability to work independently and in a team environment.
• Ability to collect data and assess risk posture.
• Understanding of penetration testing, configuration hardening, and vulnerability management.
• Knowledge of hacker tactics, techniques, and procedures.
• Strong interpersonal and communication skills to interact with technical SMEs and business stakeholders.

• Technology security experience.
• Data analysis skillset.

• Seniority level: Not Applicable.
• Employment type: Full-time.
• Job function: Information Technology.
• Industry: Retail.