
Information Security Governance Senior Analyst - Remote

Company: Harbor Freight Tools USA, Inc.

Address: Calabasas
Employment type
Salary: $88,720 - $133,080 a year
Expires: 2023-09-18
Posted: 9 months ago
Job Description

The Information Security Governance Senior Analyst (Sr. Security Analyst) works within Risk Management’s Data Governance team at Harbor Freight Tools (HFT) to implement, monitor, and continuously improve HFT’s security governance, risk, and compliance programs. The Sr. Security Analyst, reporting to the Sr. Manager Data Governance, will be responsible for collaborating cross-functionally with IT and the business on security governance activities and supporting the company's obligation to identify technology and security risks and to manage related legal, regulatory and compliance risks.

This position will perform complex risk assessments and apply HFT risk management methodologies to ensure that stakeholders are aware of relevant risk and controls requirements. The position will work with IT and Cyber Security teams to provide technical guidance and evaluation of security controls and will ensure alignment with overall organizational goals. This position will evaluate third-party risk and will make recommendations to leadership and operational teams. This is an individual contributor role and will not have direct reports but may direct others based on specific project needs.

Duties and Responsibilities
  • Develop and implement compliance testing protocols related to security frameworks, policies, etc., and work with key stakeholders to correct/mitigate as needed.
  • Oversee records retention governance monitoring and reporting for compliance specific to e-records.
  • Develop a close partnership with control owners, educating them on applicable security compliance requirements, security risk areas, mitigations, process improvements, and risk-appropriate control recommendations.
  • Promote a culture of security awareness through annual and ad hoc training programs including Anti-Phishing simulation testing. Be an advocate for security best practices and the security compliance resource for stakeholders from departments throughout the company.
  • Evaluate security risks associated with third parties/vendors to ensure that the third party's technology environment and security controls appropriately protect shared data, that contracts have the appropriate security requirements, and that those requirements are met through regular re-assessments.
  • Manage the security/risk exception process.
  • Lead security risk assessments for CIS20, HIPAA, and IT on an annual basis. Support coordination of internal and external audits that are associated with cybersecurity and technology risks, including facilitating audit evidence collection, responses to observations, and reporting.
  • Work with subject matter experts (SMEs) and management to manage information security policies, standards and supporting documentation.
  • Stay updated on developing regulatory concerns and changing IT/security trends.
  • Assist in continuous controls monitoring utilizing a GRC solution, dashboards, analytics, automation, and other supporting tools.
  • Ensure that Access Control Lists (ACLs) are regularly reviewed such that only permitted individuals have access to company information.
  • Serve as a subject matter resource to assess compliance implications for areas that have gaps.
  • Assist in the development and execution of data discovery scanning, analytics, and corrective actions.
  • Support issue management efforts, which include remediation tracking, status reporting, and validating closure of security gaps, non-compliance issues and/or security risks.
Scope (Required)
  • Travel - <10%
  • Decision making - Creates policy and resolves problems, provides data for decision support, negotiates on behalf of management, provides consultation or expert advice, participates in planning business objectives, represents the company in handling complaints, disputes or resolving grievances.
  • Staff supervision and development - Individual contributor with authority to direct matrixed resources
  • Location - Flex Remote

Requirements

Education (Required)
  • Relevant professional designation (CISSP, CISA, CRISC, CRMA, CIPP) preferred
  • Bachelor's Degree in Computer Science, Management Information Systems, Information Security, Business Management or a related field or equivalent experience
Skills (Required)
  • Experience with the monitoring and evaluation of technology processes and controls including design and operating effectiveness testing and reporting on results and recommendations.
  • Strong problem-solving skills and resourcefulness.
  • Experience working independently and in collaboration with cross-functional teams.
  • Experience with third-party/vendor security risk management
  • Experience with GRC tools (OneTrust, Archer, ServiceNow, etc.)
  • Knowledge of and experience with compliance and regulatory frameworks, standards, and controls, such as NIST, ISO 27001, PCI DSS, SSAE 18 (SOC), COSO, SOX
  • Excellent computer skills, including PowerPoint, Microsoft Word, Excel, Visio, and Outlook
  • Strong analytical skills, self-motivated, excellent written and verbal communication skills.
  • Experience working in a fast-paced environment.
  • Experience providing in-depth analysis of complex issues which are then presented to cross-functional teams.
  • Hands-on experience with security risk management practices
Experience (Required)
  • 7+ years’ experience in data security, risk management, privacy, and/or compliance disciplines
The anticipated salary range for this position is $88,720 – $133,080 depending on location, knowledge, skills, education and experience. This position is also eligible for an annual discretionary bonus. In addition, we offer comprehensive and competitive benefits to Associates (and their families) such as medical, dental, vision, life insurance, short-term and long-term disability. Eligible Associates are able to enroll in our company’s 401k plan. Associates will accrue paid time off up to 236 hours per year (inclusive of PTO, floating holidays, and paid holidays). Paid sick time up to 80 hours per year unless otherwise required by law.

About Harbor Freight Tools

We’re a family-owned business with over 45 years as a national tool retailer, and with the energy, enthusiasm, and growth potential of a start-up. We are a $6.75+ billion company with over 1,350 stores in 48 states, 25,000+ Associates, and one of the fastest-growing retailers in the country.