Lead Analyst, Information Security - (Cyber Risk Management)

Your Impact
The primary purpose of this role is to lead the development and ongoing delivery of information security tools and processes. This includes responsibility for creating, executing, and improving risk management processes and procedures while also providing thought leadership and guidance to the rest of the team.
This role addresses complex and interdependent issues that span technologies, business units, and services and drives continuous enhancement to tools and processes.
The goal of the risk management program is to develop and continually enhance procedures to efficiently assess and manage risk and oversee the implementation of relevant mitigating controls to enhance the information security posture. The lead is expected to possess strong process management and communication skills. The lead operates with a high level of independence and autonomy and provides regular coaching and direction to more junior-level associates on the team. We welcome an innovative individual who embraces challenges and offers creative solutions.
What You Will Do;

• Lead risk assessments and technical reviews to identify potential risks, their impact, and root cause analysis for applications, tools, services, and enterprise cyber ecosystem against Lowe's policies/ standards & risk appetite.
• Oversee the analyses of risks and their potential impact, and the development of risk mitigation strategies/ actions throughout the risk lifecycle.
• Take ownership of the risk treatment process, risk register, and tracking of risks and associated mitigations.
• Provide comprehensive risk reports to stakeholders, including senior management, for effectively communicating security risks & mitigation approaches. Also, provides notification of updated control requirements to technology functions due to regulatory and policy updates.
• Lead the creation, implementation, and improvement of risk processes and procedures.
• Lead the design, implementation, review, and maintenance of a suitable risk management framework tailored to Lowe's needs.
• Designs and facilitates process optimization initiatives.
• Leads efforts to develop and maintain standard operating procedures; identifies and incorporates improvements on procedures based on best practices and industry trends; ensures information is compiled in a thorough and organized manner.
• Advises users and team members on the execution of complex processes, interprets standards and regulations, and assists with solutions.
• Provides direction, coaching, and training to more junior-level analysts to ensure they have the knowledge and tools needed and assist them with complex tasks.
• Mentors and advises others, sharing an in-depth understanding of company and industry methodologies, policies, standards, and controls.
• Builds and grows a network of diverse partnerships, develops an understanding of formal and informal decision-making processes, and leverages knowledge of functional and cross-functional operations to accomplish work objectives and solve complex problems.
• Provides insight and consultation to help ensure new and existing security solutions are developed with insight into industry best practices, strategies, and architectures.
• Develop tools or processes to operationalize/improve workflows.

Required Qualifications:

• Bachelors Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)
• 6 Years Experience in information security
• Advanced understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.).

Preferred Qualifications:

• IT experience in the retail industry
• Relevant information security certifications (e.g., CISSP, CISM, PCI ISA, CRISC, CISA)
• 3 Years Experience conducting assessments or technical reviews to analyze risk.
• 3 Years Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management

Where You'll Be;

• Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support.
• Lowe's supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub
• Most business meetings are planned around the Eastern time zone.

About US
Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2023 sales of more than $86 billion, Lowe's operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit www.Lowes.com
Lowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.
Pay Range: $111,600.00 - $212,000.00 annually Starting rate of pay may vary based on factors including, but not limited to, position offered, location, education, training, and/or experience. For information regarding our benefit programs and eligibility, please visit https://talent.lowes.com/us/en/benefits.