Senior Enterprise Information Security (EIS) Compliance Analyst - Bellevue

Posted Date: Oct-30-2018

Job ID: 12455

Job Type: Full Time

Job Function: Legal

City: Bellevue

State: Washington

Store: Eastgate Headquarters


What's cool about this job

As the Senior Enterprise Information Security (EIS) Compliance Analyst you will be responsible for evaluating the existence and effectiveness of information security controls across the Co-Op, using the EIS common controls framework and related policies and standards as your guide. You will need to understand and evaluate controls at a granular level, leveraging your technical background and auditing expertise to uncover potential gaps and areas in need of improvement. You will report on findings and make recommendations that both address the security needs as well as help the business remain nimble and customer-focused. You will also help maintain and update the EIS common controls framework, as needed, as technologies evolve and the business changes over time. The Senior EIS Compliance Analyst will work with other EIS functions such as Cybersecurity Threat Management, Third-Party Risk Management, and Data Privacy to incorporate their needs within the EIS common controls framework and related policy and/or standards. This role will work very closely with IT Security and other key stakeholders across the organization. This is not an operational security role. Reports to the Manager of Risk and EIS Compliance.


  • Demonstrating advanced understanding of complex business processes, internal control risk management, IT controls and related standards.
  • Implementing, operating and maintaining our EIS common controls framework for continuous testing and monitoring of all information security controls.
  • Identifying and evaluating complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
  • Assisting in the selection and tailoring of approaches, methods and tools to support projects.
  • Assisting in designing, creating and maintaining risk-based EIS metrics.
  • Assisting with information security compliance activities including PCI DSS.
  • Assisting with EIS training and awareness activities.
  • Providing support as needed to the team in the execution of EIS objectives.
  • Actively supporting our Co-Op culture and embracing our core values of authenticity, service, respect, integrity, and balance.

Bring your passion and expertise

  • Bachelor's Degree in Accounting/Audit, Cybersecurity, Risk Management, Business Information Systems, or a related field, or equivalent work experience.
  • 5 years of experience in information security, IT audit, or another IT function.
  • Experience with regulatory compliance, including information security management frameworks (e.g., NIST CSF, ISO2700x, SANS Top 20 Critical Security Controls, COBIT 5, OWASP, PCI DSS 3.2.1, GDPR).
  • Skill in assessing security controls based on cybersecurity principles and tenets.
  • Demonstrated technical expertise in information security, cybersecurity and IT systems and an ability to keep pace with changing security and IT technologies.
  • Experience with cloud-based security strongly preferred.
  • Knowledge of control development, monitoring and reporting in enterprise environments.
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
  • Strong interpersonal skills, with an emphasis on the ability to effectively influence others.
  • A team-focused mentality with the proven ability to work effectively and collaborate with diverse stakeholders.
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner.

Why you'll love it here

REI is more than just a place to work. It’s a fun, inspired culture where a rare balance is struck between professional duties and personal adventures. Whether you camp, paddle board, climb mountains or simply prefer local parks, the outdoors connects us all. Then factor in REI’s stewardship, dedication to sustainability and contributions to our customers’ loved outdoor spaces and you have a recipe for some passionate employee

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoption assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

NEW YORK CORRECTION LAW
ARTICLE 23-A, Section 753
LICENSURE AND EMPLOYMENT OF PERSONS PREVIOUSLY CONVICTED OF ONE OR MORE CRIMINAL OFFENSES

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.