Information Security Analyst – Governance, Risk, & Compliance

As an Information Security Analyst - With a focus specifically on Security Governance, Risk, and Compliance, this role completes activities that help drive awareness and adherence to information security policies and standards. Tasks include collecting and reviewing metrics, monitoring programs for compliance, performing risk assessments, and working with others to implement appropriate controls.

What You’ll Do

As an Information Security Analyst, you will;

• Documents current state policy and procedures, researches best practices, identifies gaps, and develops target states for IT security oversight processes.

• Identifies gaps where new policies, guidelines, or procedures are required to maintain compliance in accordance with industry best practices.

• Defines policy standards and keeps them up to date, managing changes to them; may own process.

• Drafts, reviews, and comments as directed by the government POC on translating federal requirements into Department policies and requirements, including, but not limited to: NIST publications, CIS, ISO, and other industry standards.

• Provides technical writing and editing support while improving enterprise-wide awareness of information security policies and standards through targeted communications, training, and other events.

• Continually provides input and drives cyber security tool enhancements to improve alert quality and reporting capabilities.

• Translate technical communications to non-technical messaging for various internal and external audience types, ensuring clarity, accuracy, and relevance.

• Content Creation – Assist in the creation of engaging and informative awareness and training materials, including presentations, banners, posters, videos, e-learning modules, interactive exercises, and games to effectively communicate key security concepts.

• Metrics and Evaluation – Assist in defining, analyzing, and continuously improving key performance indicators (KPIs) and metrics to measure the effectiveness of security awareness and training programs.

• Security Culture Promotion - Foster a strong security culture by promoting best practices, reinforcing desired behaviors, and raising awareness of emerging security threats and trends. Help in identifying top human risks to the organization and the behaviors that must change to mitigate those risks.

• Collaborate with cross-functional teams, including Corporate Communications, IT, legal, and human resources, to ensure alignment of efforts.

Fuel your passion!

To be successful in this role you will;

• Bachelor's degree in communications, information technology, Computer Science, CIS, Engineering, Business Administration, or related field.

• Basic understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)

• Excellent written and verbal communication skills, with the ability to translate technical concepts into clear and compelling messaging for diverse audiences.

• Experience working with cross-functional teams and building relationships across all levels of an organization.

• Knowledge of information security principles, practices, and technologies preferred.

• Proficiency in Microsoft Office Suite and communication tools/software.

• Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management is preferred.

• Proven experience in the retail industry with a focus on cybersecurity or information technology is preferred.

• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISA), or equivalent are a plus.

Where You’ll Be

• Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support.

• Lowe’s supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub.

• Most business meetings are planned around the Eastern time zone.

About US

Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2023 sales of more than $86 billion, Lowe’s operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit www.Lowes.com

Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.

Pay Range for CA, CO, HI, NJ, NY, WA: $75,300.00 - $143,100.00 annually Starting rate of pay may vary based on factors including, but not limited to, position offered, location, education, training, and/or experience. For information regarding our benefit programs and eligibility, please visit https://talent.lowes.com/us/en/benefits.