Senior Information Security Analyst

Posted Date: Mar-12-2021

Job ID: 19547

Job Type: Full Time

Job Function: Information Technology

City: Sumner

State: Washington

Store: HQ Employee At Sumner Distribution Center



Please visit the Covid-19 Hiring Updates before applying


What's cool about this job

Job Title: Senior Information Security Analyst
Location:  REI; City: Sumner; State: Washington. Telecommuting within normal commuting distance of Seattle, WA is required, with at least monthly in-person meetings at Seattle-area REI offices.
Job Description: Responsible for evaluating the existence and effectiveness of information security controls across the Co-Op, using the REI common controls framework and related policies and standards as your guide. Understand and evaluate controls at a granular level, leveraging your technical background and auditing expertise to uncover potential gaps and areas in need of improvement. Report on findings and make recommendations that both address the security needs as well as help the business remain nimble and customer focused. Maintain and update the REI common controls framework, as needed, as technologies evolve and the business changes over time. Work with other Information Security functions such as Cybersecurity Threat Management, Third Party Risk Management, and Data Privacy to incorporate their needs within the REI common controls framework and related policy and/or standards. Lead risk based and security analysis to administer and maintain, proactively identify issues/gaps and lead initiatives to improve overall Information Security function, ensuring access rights are maintained and risks remains low in changing business requirements and changing risk and threat landscape. Monitor changes to information security overall and proactively identify the need for changes to existing policies and procedures based on changes to the risk landscape. Ensure compliance with all applicable internal and external Information Security requirements through coordination of internal and external resources. Proactively identify and lead to resolution issues/gaps and redundant procedures based on changing business requirements and changing risk and threat landscape. Demonstrate awareness of all information security trends, vulnerabilities, including and especially those influencing the retail and E-commerce industry. Consult with client and development area management and staff in the design and implementation of new or modified information security processes. Model and act in accordance with REI’s guiding values and mission. Telecommuting within normal commuting distance of Seattle, WA is required, with at least monthly in-person meetings at Seattle-area REI offices.

Bring your passion and expertise

Job Requirements: Bachelor’s degree in Computer Science, Information Management, Information Security, or a closely related field, or the foreign degree equivalent; and 5 years of progressive, post-baccalaureate experience performing information security analysis, including the following: 4 years interpreting cybersecurity laws and regulations and defining requirements for internal consumption; 4 years assessing cybersecurity maturity and providing recommendations based on industry frameworks such as NIST or ISO 27001/27002; 4 years evaluating security artifacts such as SSAE16, SOC1/SOC2, AOC, or similar for internal control environment effectiveness of 3rd party vendors; 3 years assessing vulnerabilities and/or security control gaps across all control domains/families utilizing vulnerability assessment practices and related technologies; 3 years developing and customizing IT controls frameworks for internal consumption; 3 years customizing and managing a GRC platform; 3 years assessing and reporting on effectiveness of security controls; 2 years managing vulnerability identification technologies; 2 years helping develop and maintain a security awareness training program; and 2 years in creating and/or maintaining cybersecurity policy documentation. Experience may be gained concurrently. 

Job # REI01302021

At REI we offer an enviable work environment that Fortune Magazine has recognized on the "100 Best Places to Work" list since the award's inception – 23 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 160 retail locations (and growing), REI offers unique competitive benefits to its more than 15,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

NEW YORK CORRECTION LAW
ARTICLE 23-A, Section 753
LICENSURE AND EMPLOYMENT OF PERSONS PREVIOUSLY CONVICTED OF ONE OR MORE CRIMINAL OFFENSES

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.