Security Risk and Controls Analyst

Posted Date: May-31-2017

Job ID: 7927

Job Type: Full Time

Job Function: Legal

City: Kent

State: Washington

What's cool about this job

Security Risk and Controls Analyst

Collaborates with all levels of Information Technology for the successful implementation testing and remediation of Governance, Risk, and Controls (GRC) program which will have far reaching change impact on the culture and behavior of IT professionals at REI.  Responsible for the development and management of remediation and framework compliance using industry best practices.  Knowledge and understanding of how to implement and develop best practices for risk and compliance program to ensure compliance to NIST, ISO, COBIT and other standard security controls.  

Job Requirements:

  • Analyze control frame works, federal requirements and security best practices to recommend mitigation for gaps in security controls for REI systems.
  • Knowledge of system processes to coordinate responses and interviews with subject matter experts.
  • Knowledge of security program to be able to respond high level to policies, controls, BCP/DR, Incident Response, risk, overall security practices and processes.
  • Assist in the development of an assessment process to include coordination of resources, evidence/artifacts, remediation processes and ensure controls are in place and functioning as designed; improve efficiency and proficiency.
  • Provide reports and dashboards on security controls and programs as directed.
  • Leads the planning, design, development and execution control effectiveness testing.
  • Participate in assessment and testing coordination, review, documentation, evidence and remediation.
  • Establishes strategic partnerships to anticipate, advise, and effectively communicate (written and verbal) Federal and State regulatory and business partner governance and control requirements.
  • Challenge the status quo and recommend process efficiencies.
  • Drive governance around risk management (i.e. ensure organizational frequencies of risk assessment and reporting.

Bring your passion and expertise

Minimum Requirements:

  • Bachelor's degree or equivalent experience in Information Technology Controls in lieu of a degree.
  • 5+ years work experience in Security/IT Compliance or related discipline.
  • 3+ years leading within a matrixed corporate environment.
  • 5+ years facilitating control design and operating effectiveness with all levels of the organization.
  • Advanced knowledge SOX and PCI controls and assessments.
  • Advanced knowledge relevant industry data sources. 


  • Current CISA, CISM or CRISC
  • Understanding of industry and government regulations impacting security practices.

Why you'll love it here

If you have a passion for outdoors, and want to be part of a dynamic and innovating cyber security program, this job is for you.

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

ARTICLE 23-A, Section 753

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.