Information Security Risk Analyst
The Information Security Risk Analyst role will work on the Governance Risk and Compliance team, supporting the information security risk management program and the security training and awareness program. They will drive best practice improvements through the identification, remediation, and reporting of risk both internally and with our third parties.
- Maintain risk management initiatives and/or assessments in a GRC platform.
- Ability to assess, rate, and prioritize security risks against industry standards, and regulatory requirements, while maintaining a clear understanding of the Sleep Number business.
- Assist in the execution of Sleep Number’s Third-Party Risk Management capability and recommending improvements.
- This includes executing assessments, reviewing attestations, identifying efficiency opportunities, partnering with the legal team on contract provisions relating to security, championing maturation initiatives, and improving end user experience and reporting.
- Drive awareness training, activities, phishing simulation campaigns and communication to support Information Security Policy & Standards including tracking feedback for future iterations.
- Ability to problem-solve and work through day-to-day blockers and know when to escalate vs. self-solve while building and maintaining productive business relationships. Compile information security and compliance risks to communicate to leadership and ensure proper awareness.
- Collaborate with Information Security Architecture, Security Engineering, Enterprise Architecture, Legal and relevant operational teams to gather data and insights leading to holistic security risk.
- 1-3 years of experience within information security risk management programs or information security audit.
- 1-3 years of Information Technology and/or Information Security experience.
- Strong organizational skills with ability to thrive in a sense-of-urgency environment, navigate ambiguity, leverage best practices, and approach any problem as a team player with a can-do attitude.
- Strong written and verbal communication skills and ability to interface with all levels of business and executive leadership.
- Knowledge of information security management system standards, frameworks (ISO 27001, NIST CSF), information technology regulatory and compliance requirements (e.g., PCI-DSS, GDPR, CCPA, HIPAA), and industry best practices.
Knowledge, Skills & Abilities
- Bachelor's degree preferred
- Demonstrated knowledge of a broad range of technical concepts: logical access control, agile development process/DevSecOps, secure coding principles, security architecture frameworks and methods, information security, cloud security, network security, and privacy.
- Strong oral and written communication skills required, including a natural ability to tailor communication to various audiences. Ability to solve problems.
- Creative problem solver who is flexible, proactive, and able to work in a fast-paced, ever-changing environment.
- Experience with executing campaigns in a phishing simulation platform such as Proofpoint, Mimecast, KnowBe4 or equivalent.
- Experience interacting with GRC platforms such as ServiceNow, Archer, or equivalent.
- Experience in Retail and/or eCommerce.
- Familiarity with cloud security controls in a cloud environment (e.g., AWS, Azure, Rackspace)
- Intermittent weekend and evening work may be required for production or operational support, during implementations and to meet project deadlines
- Ability to travel up to 10%
- Typical office environment, requiring at least 8 hours standing or sitting
“Sleep is integral to a happy healthy lifestyle and it has such a huge impact on everyday life. Sleep Number is a unique company to work for because you’re truly helping people.” Sophia, Customer Service Representative