Position Summary:
What started small, with a single discount store and the simple idea of selling more for less, has grown over the last fifty years into the largest retailer in the world. Today, nearly 260 million customers visit our more than 11,500 stores under 65 banners in 28 countries and e-commerce sites in 11 countries each week. With fiscal year 2015 net sales of $482.2 billion, Walmart employs 2.2 million associates worldwide – 1.4 million in the U.S. alone. It’s all part of our unwavering commitment to creating opportunities and bringing value to customers and communities around the world.
Leads audit plan development for Information Security Audit engagements by identifying the technology behind the business process that is the subject of the audit; identifying cyber risks threatening accomplishment of process objectives; determining the severity of risks with regard to likelihood of occurrence and business impact; developing audit tests to assess the effectiveness of controls; employing data analytics technologies; and assigning associates to execute portions of the technical audit plan.
Designs and develops strategies and tools to enhance audit efficiency and effectiveness by leveraging IT industry expertise and applying relevant information security frameworks and best practices (for example ISO 27001/2, NIST, COBIT, OWASP Top 10, etc.) in areas of high complexity and emerging technologies.
Provides subject matter expertise in information security by ensuring comprehensive approaches to multiple audit projects; identifying IT audit work programs and control testing processes; developing and delivering training to internal and external teams; and reviewing technical aspects of audit projects.
Demonstrates ability to discuss and understand information security issues in areas such as vulnerability assessment, penetration testing, identity and access management, web application security, secure network architecture, data protection and internet networking in general (e.g. TCP/IP, DNS, routing, etc.).
Drives project deliverable completion by reviewing and overseeing the completion of audit workpapers, approving the severity and disposition of identified control weaknesses; reviewing compensating controls and offering recommendations on mitigation effectiveness; ensuring solution proposal, communication protocol, and communication effectiveness; leading closing conferences; and managing the follow up on remediation issues.
Leads technical functions to support information security audits by coordinating with process owners to identify and test controls; validating process documentation; analyzing IT and business information to identify improvement opportunities; working with the company's external auditors to ensure testing of regulatory compliance controls (Sarbanes-Oxley IT General Controls program); determining the technical components to be evaluated as a result of business compliance requirements and testing methods; and building foundations for aligning approach and technical scope with the company's external auditors.
Maintains and advances industry expertise by reviewing new technologies and participating in continuing education and training (for example, relevant industry certifications, forums).
Provides supervision and development opportunities for associates by selecting and training; mentoring; assigning duties; building a team-based work environment; establishing performance expectations and conducting regular performance evaluations; providing recognition and rewards; coaching for success and improvement; and ensuring diversity awareness.
Promotes and supports company policies, procedures, mission, values, and standards of ethics and integrity by training and providing direction to others in their use and application; ensuring compliance with them; and utilizing and supporting the Open Door Policy.
Qualifications:
- Bachelor’s degree in Management of Information Systems or other Information Technology-related field.
- 8 plus years of experience in information security with internal audit emphasis preferred.
- 2 years of supervisory experience.
- Information systems certification or licensure (for example, Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA), Certified Information Systems Manager (CISM)).