Information Security Analyst - Governance, Risk and Compliance (Remote)

Role Specific Information

Job Description

About the Role

As Information Security Analyst, you will detect, prevent and respond to information threats and security breaches through technical security programs designed to protect the integrity of the organization's networks, systems, applications and data.

What You’ll Do

• Maintain information security policies and coordinate company-wide information security controls

• Conduct information security audits and analyses and regularly drive solutions and actionable deliverables

• Resolve routine security incidents and audits

• Proactively monitor, evaluate and maintain systems and procedures that safeguard internal information systems, networks, databases and Web-based security

• Recommend and implement changes to enhance systems security and prevent unauthorized access

• Educate and communicate security requirements and procedures to users

• Monitor and research new and emerging threats and stay current on information security websites

• Interpret vulnerability scan data to prioritize risks

• Assist in software, hardware and service evaluations, security audits, security risk assessments and the administration of compliance with regulations and privacy laws

• Additional tasks may be assigned

Addendum

Governance, Risk and Compliance (GRC) Service:

• Demonstrate knowledge of compliance program initiatives, including control requirements and associated risks, and how Kohl’s meets them

• Document security issues, including identifying risks and working with issue owners to define and validate remediation plans

• Support security awareness programs, including preparation of materials, education of associates and program performance monitoring

• Support third-party vendor security risk management program and life cycle

• Perform application access reviews to support identity governance program and compliance requirements

• Serve as a subject matter expert for Information Security to technical/non-technical management and associates

• Facilitate communication with product teams on remediation prioritization and timelines

• Apply relevant industry trends to product needs

• Identify mitigation strategies for remediation

What Skills You Have

Required

• Ability to work independently and as part of a product team

• Ability to collect data and derive risk posture

• Understanding of penetration testing, configuration hardening, and vulnerability management

• Knowledge of hacker tactics, techniques and procedures

• Strong interpersonal and communication skills with the ability to interact with technical SMEs and business stakeholders

Preferred

• Technology security experience

• Data analyst skillset

Essential Functions

The requirements listed below are representative of functions you will be required to perform, however you may be required to perform additional functions. Kohl’s may revise this job description at any time. To perform this job successfully, you must be able to perform each essential function satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions, absent undue hardship.

• Ability to perform the accountabilities listed in the “What You’ll Do” Section

• Ability to comply with dress code requirements

• Basic math and reading skills, legible handwriting, and basic computer operation

• Ability to maintain prompt and regular attendance and meet scheduling requirements as set by the company

• Ability to learn and comply with all company policies, procedures, standards and guidelines

• Ability to give direction and to receive, understand and proactively respond to direction from leadership and other company personnel

• Ability to work as part of a team and interact effectively and appropriately with others

• Ability to maintain composure and work in a fast paced environment while accomplishing multiple tasks within established timeframes

• Ability to satisfactorily complete company training programs

• Ability to use a personal computer for tasks such as communicating, preparing reports, etc.

• Ability to plan, prioritize and monitor activities across business units

• Ability to complete or oversee the completion of assigned projects in a timely manner