Responsibilities

H-E-B is a leading innovator in technology, and our Digital Technology Team collaborates to design, construct, implement, and support solutions across the enterprise.As a Senior Information Security Analyst, E-Commerce you'll collaborate with key H-E-B Partners on security programs used to implement corporate standards, procedures, and guidelines to align with various compliance and risk requirements.Once you're eligible, you'll become an Owner in the company, so we're looking for commitment, hard work, and focus on quality and Customer service. 'Partner-owned' means our most important resources--People--drive the innovation, growth, and success that make H-E-B The Greatest Omnichannel Retailing Company.

The Business Information Security Advisor (BISA) supports security and risk management initiatives to align with H-E-B’s Security Standards. This position will work with technology, business, and legal teams to develop secure solutions and will help coordinate security projects for products and the business. These projects may include: coordination of infrastructure and application security vulnerability remediation efforts, providing security guidance for new business projects, oversight of critical security access reviews, validating disaster recovery documentation & test activities, and coordinating the remediation of all security audit findings. The Business Information Security Advisor (BISA) I also helps the business comply with all legal, regulatory, & contractual security obligations, assists with the development & implementation of security process improvements, and champions security & risk mitigation. The BISA I may also be involved in certain aspects of security operational tasks, such as approving security requests or helping with the business context in incident response exercises.

ROLE

• Advise business on eCommerce, financial and payment security requirements aligned with compliance and industry best practices

• Working knowledge of IT security frameworks and regulations such as NIST, ISO, CSF, and PCI DSS

• Sharing details of vulnerability and configuration security findings with technology teams.

• Tracking and communicating with teams related to security coverage gaps (e.g. endpoint protection, vulnerability scanning).

• Threat modeling and documenting security risks associated with projects

• Supporting the updating/tracking of risks.

• Supporting the updating/tracking of projects.

• Supporting risk assessments.

• Supporting disaster recovery testing processes and tabletop activities.

• Completing User Access Reviews for systems that do not have centralized account management.

• Identifying gaps in training and documentation from team members feedback.

• Helping to draft and publish content (e.g. blog post) to close the gaps with the subject matter experts.

• Supporting learning and growing knowledge across Cybersecurity.

• Supporting communicating general security topics to teams (Security Awareness Training).

• Individual training on security topics for career growth.

• Assist with subpoena requests working with internal/external Legal Counsel.

REQUIREMENTS:

• Experience conducting PCI DSS assessments

• Familiarity with Vulnerability Management and Risk Assessment

• Understanding of web & mobile applications, cloud technologies, API Security, microservices & container security principles, system infrastructure, and enterprise architecture

• Ability to work in a fast-paced and dynamic environment

• Ability to work in a team and fix issues with limited supervision

• Excellent organizational, project management, and follow-up skills

• Ability to build and maintain strong working relationships at all levels of the organization

• Excellent communication, presentation, and reporting skills

RECOMMENDED:

• Bachelor’s degree or equivalent combination of education and work experience.

• 5 years of IT security experience

• One or more professional security certifications such as CISSP, CISA, CCSP

#LI-TM1

#ISSEC3232

10-2016