Senior Info Sec Analyst - Controls Assurance
Target is an iconic brand, a Fortune 50 company and one of America's leading retailers.
Target as a tech company? Absolutely. We're the behind-the-scenes powerhouse that fuels Target's passion and commitment to cutting-edge innovation. We anchor every facet of one of the world's best-loved retailers with a strong technology framework that relies on the latest tools and technologies—and the brightest people—to deliver incredible value to guests online and in stores. Target Technology Services is on a mission to offer the systems, tools and support that guests and team members need and deserve. Our high-performing teams balance independence with collaboration, and we pride ourselves on being versatile, agile and creative. We drive industry-leading technologies in support of every angle of the business, and help ensure that Target operates smoothly, securely and reliably from the inside out.
About the team:
Controls Assurance serves as a second-line of defense function designed to identify key information security risks that may impact Target's ability to deliver its strategic priorities. It accomplishes this mission though two types of assessments.The first are enterprise security controls assessments, which are in-depth process and technical assessments driven by top risks identified by Information Security leadership.The second are compliance risk assessment and controls testing, which are performed in support of compliance obligations.
As a member of this team, you will be given broad and ambiguous risks to assess in a collaborative team environment.It will challenge you to quickly learn new technologies and processes, cultivate partnerships across the organization, critically think through scope/threats/risks, assess effectiveness of those controls, and report results.
About the opportunity:
As a Senior Controls Assurance Analyst, you will:
- Conduct in-depth process and technical assessments of top risks identified by Info Security leadership
- Advise on actions to reduce information security risks
- Summarize and report key risks to Info Security leadership
- Continuously develop your technical skills
- Perform asset risk assessments and controls testing in support of compliance
- Provide subject-matter expertise in information security risk and controls
- Demonstrate strong knowledge in IT controls, risk assessments, and the design and testing of security measures
- Be a thought leader in information security and align with business objectives of the company
- Work closely with cross-functional teams and develop strong liaison relationships
- Identify opportunities to continuously innovate and improve the value the program delivers to organization
Desired skills and experiences include:
- Bachelor's degree
- 4+ years of information security experience
- In-depth knowledge and experience of security assessment/audit principles
- Ability to navigate ambiguity and develop working business relationships and trust
- Basic understanding of networking principles and data protection
- Ability to identify problems, analyze data and present conclusions
- Ability to lead down, across, and up in order to influence desired outcomes
- Strong verbal, written and presentations skills
- Knowledge of HIPAA, PCI, SOX, GLBA or other regulations with information security requirements is preferred
- Knowledge of information security frameworks such as ISO, HiTrust, or PCI is preferred
- CISSP, CISA, CIPP, or other security certifications (or willingness to obtain security certifications) preferred
- Experience using the Archer GRC tool