Information Security Analyst

About the Role

As Information Security Analyst, you will detect, prevent and respond to information threats and security breaches through technical security programs designed to protect the integrity of the organization's networks, systems, applications and data. 

What You’ll Do

• Maintain information security policies and coordinate company-wide information security controls 

• Conduct information security audits and analyses and regularly drive solutions and actionable deliverables

• Resolve routine security incidents and audits

• Proactively monitor, evaluate and maintain systems and procedures that safeguard internal information systems, networks, databases and Web-based security

• Recommend and implement changes to enhance systems security and prevent unauthorized access

• Educate and communicate security requirements and procedures to users

• Monitor and research new and emerging threats and stay current on information security websites

• Interpret vulnerability scan data to prioritize risks

• Assist in software, hardware and service evaluations, security audits, security risk assessments and the administration of compliance with regulations and privacy laws

• Additional tasks may be assigned

Addendum

Governance, Risk and Compliance (GRC) Service: 

• Demonstrate knowledge of compliance program initiatives, including control requirements and associated risks, and how Kohl’s meets them

• Document security issues, including identifying risks and working with issue owners to define and validate remediation plans

• Support security awareness programs, including preparation of materials, education of associates and program performance monitoring

• Support third-party vendor security risk management program and life cycle

• Perform application access reviews to support identity governance program and compliance requirements

• Serve as a subject matter expert for Information Security to technical/non-technical management and associates

• Facilitate communication with product teams on remediation prioritization and timelines

• Apply relevant industry trends to product needs

• Identify mitigation strategies for remediation

Vulnerability Management:

• Perform vulnerability risk assessments and communicate results to partner teams

• Monitor industry vulnerability notices and threat intelligence and prioritize vulnerabilities discovered 

• Facilitate communication with product teams on remediation prioritization and timelines

• Demonstrate technical knowledge of common operating systems, databases, applications and cloud platforms and how vulnerability can impact each

• Demonstrate technical depth and knowledge of Kohl’s vulnerability management technologies

• Implement low-impact vulnerability scan policies and consult on the design of vulnerability-related security solutions or processes

• Understand relationship of metrics to vulnerability strategy

Identity and Access Management:

• Work with an offshore team to maintain the SLAs and identify ways to improve operational efficiency

• Create and maintain metrics associated with user access administration

• Develop, solicit and maintain all appropriate documentation for all workflows

• Drive processes, understand access requirements and develop role models and standards for IAM processes

• Capture user identity administration exceptions and determine and document the course of action for resolution

• Identify and define mitigation plans for risks and issues related to project timeline, resources or quality

• Provide IAM process guidance and requirements, create IAM solutions and create roles for application onboarding

Consulting:

• Work with teams to provide written and actionable deliverables, including write-ups, supporting architectural diagrams and defects that help teams design and deploy secure solutions in concert with InfoSec services and technology

• Understand major interconnected systems and document security controls and gaps in component applications 

• Work with teams to help them understand product-specific expectations and recommendations and to help prioritize risk and effort-adjusted work 

• Suggest policy, standard and requirements improvements

• Serve as an architectural voice of security in initiatives and team planning

Incident/Response:

• Monitor, detect and analyze potential intrusions in real-time and through historical trending on security-relevant data sources

• Respond to confirmed incidents, coordinate resources and direct the use of timely and appropriate countermeasures

• Create detailed incident write-ups 

• Participate in security audits and security risk assessments

What Skills You Have

• Ability to work independently and as part of a product team

• Ability to collect data and derive risk posture

• Understanding of penetration testing, configuration hardening, and vulnerability management

• Knowledge of hacker tactics, techniques and procedures

• Strong interpersonal and communication skills with the ability to interact with technical SMEs and business stakeholders

Preferred

• Technology security experience

• Data analyst skillset