Information Security Risk Expert
Walmart Stores SUNNYVALE, CA
About the Job
Company Summary: Walmart, Fortune 1 company, incubates next-gen technology solutions for e-commerce and physical sites around the world. We integrate online, physical, and mobile shopping experiences for millions of customers around the globe. How do we do it? We continuously build and invest in new technology including open source tools and big data innovations. Data scientists, front and back-end engineers, product managers, and the web and UX/UI teams collaborate alongside e-commerce experts to envision, prototype, and bring revolutionary ideas to life in a dynamic, flexible and fun work culture.
Department Summary: The Information Security team has the herculean task of assuring that customers can safely shop with peace of mind knowing their data and information will be safe and secure. Solving some of the most unique cyber security problems in the industry, our team members share an elevated level of technical insight, creativity and ingenuity to secure data for one of the largest Company in the world.
• Ability to solve complex technical challenges, lead multiple areas in system solution implementation
• 10 years of Information Security or extensive Technical depth and experience in multiple fields of information technology
• 5 + years of eCommerce and Cloud development experience
• Desired certifications: CISSP, CRISC, CRMA, GCIA, GSEC
• Provides leadership and development opportunities for associates
• Monitors, analyzes, and remediates IT security risks and vulnerabilities by adhering to defined operating procedures; reviewing metrics to identify outliers, inefficiencies, and non-standard actions associated with operational processes and reporting the findings; identifying improvement opportunities and providing feedback to senior team members and management; and participating in meetings for any initiatives or tasks that will alter current processes.
• Coordinates compliance efforts in one area of regulatory specialty by monitoring the implementation of specific information security controls; ensuring proficiency with regulatory concepts for example, ISO, SOX, PCI, HIPAA¨; maintaining an understanding of multiple areas of compliance; managing multiple compliance assessments and remediation processes; identifying security compliance assessment and remediation process improvement; defining and/or implementing solutions to assess compliance and reduce risk; and presenting results and analysis of assessment and remediation activity to senior management.
• Manages the execution of basic security initiatives by prioritizing critical issues for root-cause analysis; ensuring resolution of critical issues; monitoring progress versus plan; escalating complex or difficult issues; utilizing scope-change orders to track changes to the project; minimizing impact of changes (for example, scope, schedule, costs); tracking expenditures and budgets; providing informational presentations; managing stakeholder expectations; holding self and project team accountable for project delivery; developing performance reports; and collaborating with stakeholders to assess costs and establish the return on investment (ROI).
• Manages the implementation of security governance by leading the process of governance administration and maintenance; ensuring familiarity with Walmart Information Security policies, standards, procedures, and best practices; modeling various governance concepts for example, ITIL, COBIT, Six Sigma, CMM¨; developing recommended remediation for gaps in security governance and policies through collaboration and consensus building; comparing and contrasting Walmart practices and industry standards; reviewing governance broadly for overlap and inconsistencies of operational, Security, and management practices; and maintaining familiarity with legislative process and pending legislation.
• Analyzes and identifies risk by understanding basic factors of influence to impact and likelihood; building working knowledge and relationship between risk and governance; building expertise in risk analysis in multiple layers of security specialty for example, Physical, Governance, Technical, etc.¨; and developing risk mitigation strategies for identified vulnerabilities; representing risk in multiple areas or domains; defining risks based on criticality, frequency, or level of impacts; and reporting to senior management risk observations.
• Builds vendor relations by preparing and executing request for proposals (RFPs); facilitating the vendor selection process; reviewing statements of work; ensuring compliance to vendor contracts; and reporting on vendor contract execution.
• Drives the execution of multiple business plans and projects by identifying customer and operational needs; developing and communicating business plans and priorities; removing barriers and obstacles that impact performance; providing resources; identifying performance standards; measuring progress and adjusting performance accordingly; developing contingency plans; and demonstrating adaptability and supporting continuous learning.
• Provides supervision and development opportunities for associates by selecting and training; mentoring; assigning duties; building a team-based work environment; establishing performance expectations and conducting regular performance evaluations; providing recognition and rewards; coaching for success and improvement; and ensuring diversity aw
Additional Preferred Qualifications
Manager's Ideal Candidate Must-Haves:
• BS in technical field of study or 10+ years of Information Security experience
• 5 years’ experience in performing technical risk assessments at an organizational, network and/or solution level;
• Ability to understand and speak to the current cybersecurity threat landscape (and how it applies to our business);
• Excellent communications skills, both verbal and written; and
• Experience working in a fast-paced, highly collaborative environment, using research and analysis to support recommendations and opinions.
• Desired certifications: CISSP, CRISC, CRMA, GCIA, GSEC
• Drives the execution of multiple business plans and projects for Information Systems Division (ISD)
• Ensures business needs are being met
• Leads system and vulnerability analysis and solution resolution.
• Maintains and advances industry expertise
• Mentors information technology Associates
• Promotes and supports company policies, procedures, mission, values, and standards of ethics and integrity
• Provides direction and coordination between large efforts and the technical execution plan
• Provides leadership, technical direction and development opportunities for associates
Minimum Qualifications: Bachelor s degree in Information Technology, Computer Science, or related field and 6 years’ experience in information technology or related field within the last 10 years OR 8 years’ experience in information technology or related field within the last 10 years.
Walmart Global eCommerce is comprised of Walmart.com, VUDU, SamsClub.com, and our technical powerhouse @WalmartLabs. Here, innovators incubate next gen e-commerce solutions in real-time. We integrate online, physical, and mobile shopping experiences for billions of customers around the globe. How do we do it? We continuously build and invest in new technology including open source tools and big data innovations. Data scientists, front and back-end engineers, product managers, and web and UX/UI teams collaborate alongside e-commerce experts to envision, prototype, and bring revolutionary ideas to life in a dynamic, flexible and fun work culture.
The Information Security team has the herculean task of assuring that customers can safely shop with peace of mind knowing their data and information will be safe and secure. Solving some of the most unique cyber security problems in the industry, our team members share an elevated level of technical insight, creativity and ingenuity to secure data for one of the largest Company in the world.