Job Summary:
The primary purpose of this role is to ensure the effectiveness and compliance of internal security-related controls. You will play a crucial role in identifying in-scope systems, performing control tests, documenting walk-throughs, and overseeing remediation testing and closures. We welcome an innovative individual who embraces challenges and offers creative solutions.
Key Responsibilities:
· Conduct thorough internal control testing: Review documentation and relevant technical and security-related records to assess compliance with standards and established procedures. Identify issues, determine the proper root cause, and provide guidance on potential remediation actions.
· Identify and address problems: Recognize existing or potential issues and conduct further research as necessary. Examples include Segregation of Duties (SoD) concerns and evidence of approval/sign-offs.
· Continuous monitoring: Experience in building automated control testing and evidence collection to efficiently collect and analyze the effectiveness of controls.
· Collaborate with cross-functional teams: Interface with various departments, consultants, and vendors to participate in SOX audits and recommendations meetings. Follow up on the implementation of remediation efforts.
· Knowledge of IT controls and governance frameworks: Demonstrate a fundamental understanding of general computer control areas, IT governance frameworks (e.g., CIS, COBIT, NIST, CSF, HIPAA), Sarbanes-Oxley, and COSO framework.
· Experience with internal controls design and implementation: Possess fundamental experience in designing and implementing a system of internal controls, preferably within a large-scale management-led SOX organization. Support the company's SOX program effectively.
· Evaluate security and controls: Assess the security and controls of various on-premises and cloud-based technologies. Preferred experience with Oracle Cloud, Workday, Microsoft Azure, and Salesforce.
· Risk assessment and prioritization: Understand, assess, and prioritize risks across different components of the IT environment, including applications, operating systems, and databases.
· Courageous stakeholder management: Tenaciously pursue improvement and confidently engage in conversations with technical and non-technical internal and external stakeholders at all management levels.
· Support IT compliance program: Assist in developing, implementing, and executing Lowe's IT compliance program. This includes identifying, designing, and validating key controls, developing operational procedures, documenting testing, and reporting results to management, internal and external audit.
· Enhance internal control design and documentation: Collaborate with stakeholders to rationalize internal control design and activities, and maintain a comprehensive inventory of key controls. Ensure documentation reflects a high level of quality.
· Align IT and Security policies and procedures: Provide input to align IT and Security policies, standards, and procedures with compliance requirements.
· Support compliance with laws and regulations: Assist process owners, control owners, control performers, and compliance coordinators in ensuring controls are well-defined and compliant with applicable laws and regulations.
· Collaborate with IT and ISG leaders and managers: Work with IT and ISG leaders and managers at all levels to identify areas for control enhancements and documentation improvements.
· Liaison with auditors: Facilitate communication with external and internal auditors, acting as a liaison between auditors and the IT department.
Minimum Qualifications:
· Bachelor's degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field
· 4 years of experience in information security
· Advanced understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; data protection techniques; etc.)
Preferred Qualifications:
· IT experience in the retail industry
· Relevant information security certifications (CISSP, CISM, CEH, PCI ISA, CRISC, CISA and/or related certifications) preferred
· Advanced experience in SOX compliance
· Strong organizational and proactive planning skills.
· Excellent written and verbal communication skills.
· Good analytical and creative problem-solving skills.
· Attention to detail and ability to follow through on action items.
· Ability to drive team to key milestones.
· A confident, collaborative manner when dealing with conflict.
· Team player with positive, results-oriented attitude.
· Ability to work in a fluid environment with changing deadlines.
· Ability to work effectively in a matrixed environment across multiple departments.
· Experience in advocating for business needs and listening to the “voice of the customer.”
· Experience working on high profile projects that have required presentations.
· Experience working in a compliance role in a complex organization.
· Project Management or Business Analysis experience.
About Lowe’s
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2023 sales of more than $86 billion, Lowe’s operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.
Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.