Senior Info Sec Analyst - Vendor Security
Target is an iconic brand, a Fortune 50 company and one of America's leading retailers.
Target as a tech company? Absolutely. We're the behind-the-scenes powerhouse that fuels Target's passion and commitment to cutting-edge innovation. We anchor every facet of one of the world's best-loved retailers with a strong technology framework that relies on the latest tools and technologies—and the brightest people—to deliver incredible value to guests online and in stores. Target Technology Services is on a mission to offer the systems, tools and support that guests and team members need and deserve. Our high-performing teams balance independence with collaboration, and we pride ourselves on being versatile, agile and creative. We drive industry-leading technologies in support of every angle of the business, and help ensure that Target operates smoothly, securely and reliably from the inside out.
About the team:
Join an innovative and industry-leading vendor security risk management program! Use your talent and experience to partner with the business on new initiatives, assess threats, and reduce vendor security risk to Target.
Vendor Security is responsible for assessing the information security posture of Target's vendors to enable business and information security leadership to make informed decisions to protect guest, brand, and team member information. We accomplish this mission through our engagement and assessment activities performed throughout the lifecycle of each vendor's relationship. It will challenge you to quickly learn new business services and vendor controls, cultivate partnerships across the organization, critically think through scope/threats/risks, assess effectiveness of those controls, and report results.
About the opportunity:
As a Senior Vendor Security Assurance Analyst, you will:
- Perform vendor security assessments, drive risk remediation, and partner with teams across the company
- Inform and advise business leaders on their vendors' information security risks
- Provide subject matter expertise in third-party risk management
- Demonstrate strong knowledge in IT controls, risk assessments, and the design and testing of security measures
- Be a thought leader in Information Security and align initiatives with business objectives of the company
- Work closely with cross-functional teams and develop strong liaison relationships
- Identify opportunities to continuously innovate and improve the program and value delivered to organization
- Own and/or support special projects and research
Desired skills and experiences include:
- Bachelor's degree
- 4+ years of information security experience
- In-depth knowledge and experience of security assessment/audit principles
- Ability to navigate ambiguity and develop working business relationships and trust
- Basic understanding of networking principles and data protection
- Ability to identify problems, analyze data and present conclusions
- Strong verbal, written and presentations skills
- Knowledge of HIPAA, PCI, SOX, GLBA or other regulations with information security requirements is preferred
- Knowledge of information security frameworks such as ISO, HiTrust, or PCI is preferred
- CISSP, CISA, CIPP, or other security certifications (or willingness to obtain security certifications) preferred
- Experience using the Archer GRC tool