H-E-B is a leading innovator in technology, and our Digital Technology Team collaborates to design, construct, implement, and support solutions across the enterprise. As a Senior Information Security Analyst, E-Commerce, you'll collaborate with key H-E-B Partners on security programs used to implement corporate standards, procedures, and guidelines to align with various compliance and risk requirements. Once you're eligible, you'll become an Owner in the company, so we're looking for commitment, hard work, and focus on quality and Customer service. 'Partner-owned' means our most important resources--People--drive the innovation, growth, and success that make H-E-B The Greatest Omnichannel Retailing Company.
The Business Information Security Advisor (BISA) supports security and risk management initiatives to align with H-E-B’s Security Standards. This position will work with technology, business, and legal teams to develop secure solutions and will help coordinate security projects for products and the business. These projects may include: coordination of infrastructure and application security vulnerability remediation efforts, providing security guidance for new business projects, oversight of critical security access reviews, validating disaster recovery documentation & test activities, and coordinating the remediation of all security audit findings. The Business Information Security Advisor (BISA) I also helps the business comply with all legal, regulatory, & contractual security obligations, assists with the development & implementation of security process improvements, and champions security & risk mitigation. The BISA I may also be involved in certain aspects of security operational tasks, such as approving security requests or helping with the business context in incident response exercises.
ROLE
Advise business on eCommerce, financial and payment security requirements aligned with compliance and industry best practices
Working knowledge of IT security frameworks and regulations such as NIST, ISO, CSF, and PCI DSS
Sharing details of vulnerability and configuration security findings with technology teams.
Tracking and communicating with teams related to security coverage gaps (e.g. endpoint protection, vulnerability scanning).
Threat modeling and documenting security risks associated with projects
Supporting the updating/tracking of risks.
Supporting the updating/tracking of projects.
Supporting risk assessments.
Supporting disaster recovery testing processes and tabletop activities.
Completing User Access Reviews for systems that do not have centralized account management.
Identifying gaps in training and documentation from team members' feedback.
Helping to draft and publish content (e.g. blog post) to close the gaps with the subject matter experts.
Supporting learning and growing knowledge across Cybersecurity.
Supporting communicating general security topics to teams (Security Awareness Training).
Individual training on security topics for career growth.
Assist with subpoena requests working with internal/external Legal Counsel.
REQUIREMENTS:
Experience conducting PCI DSS assessments
Familiarity with Vulnerability Management and Risk Assessment
Understanding of web & mobile applications, cloud technologies, API Security, microservices & container security principles, system infrastructure, and enterprise architecture
Ability to work in a fast-paced and dynamic environment
Ability to work in a team and fix issues with limited supervision
Excellent organizational, project management, and follow-up skills
Ability to build and maintain strong working relationships at all levels of the organization
Excellent communication, presentation, and reporting skills
RECOMMENDED:
Bachelor’s degree or equivalent combination of education and work experience.
5 years of IT security experience
One or more professional security certifications such as CISSP, CISA, CCSP
10-2016
Full Time
$92k-110k (estimate)
03/07/2023
04/13/2024
hebmex.com
<25