Job description
Position Purpose:
The Home Depot is able to offer virtual employment of this position in the following states: AL, AK, AZ, AR, DE, DC, FL, GA, HI, ID, IL, IN, IA, KS, KY, LA, ME, MD, MA, MI, MN, MS, MO, MT, NE, NH, NJ, NM, NY, NC, ND, OH, OK, OR, PA, RI, SC, SD, TN, TX, UT, VT, VA, WA, WV, WI, WY
Protecting what matters most to our associates and consumers by securing our sensitive data and critical assets from current and emerging threats. At The Home Depot, Cybersecurity consists of Architecture, Governance, Identity & Access Management, Internal Threat Operations, Issue and Compliance Management, Risk Assessment/Advisory, Security Consulting, Security Operations and Strategic Planning.
Staff Analysts perform data gathering, analysis and synthesis, and develop solutions to support THD Cybersecurity practices. Staff Analysts mentor and guide Jr Analysts, lead multiple projects, possess excellent communication skills, work well with a team, and interact with multiple levels and functions across the organization.
Additionally, a Cybersecurity Staff Analyst may help define and improve Risk Management framework, methodology, and processes, identify opportunities for gaining efficiencies in services and solutions, enhancing IT Risk efficiency, improving quality, maximizing capacity, and reducing operational waste. This role may assist in Cybersecurity governance, monitoring, compliance, auditing, training, metrics and measurement, reporting, and reviews performed by other teams.
The responsibilities for this role will be working on a Cybersecurity Risk Management program to identify, assess, and document IT and Cybersecurity risks to the Home Depot and support our overall security initiatives and goals. This role will liaise with enterprise leadership, business stakeholders, other IT teams, IT management, and cybersecurity operational teams to perform ongoing activities necessary to assess, document, and improve the security of the Home Depot with technology solutions. This includes working with the business to determine and document inherent risk and evaluating security risks for potential and existing solutions.
Major Tasks, Responsibilities & Key Accountabilities:
100% Deliver Execution, Plans & Aligns, Develop Others - Oversee multiple projects simultaneously; Strategic partner to align solutions to customers' expectations; Communicate to various levels of business partners; Collaborate with stakeholders, business partners, colleagues, developers and others to deliver high quality solutions; Partner cross-functionally to define, assess, communicate, implement, train and change management of projects; Lead, mentor and provide guidance to team members and partners; Serve as SME and perform research/analysis within assigned projects
Nature and Scope:
This position typically reports to Manager or Sr. Manager
This position has 0 Direct Reports
Environmental Job Requirements:
1. Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
No travel required.
Standard Minimum Qualifications:
Must be eighteen years of age or older.
Must be legally permitted to work in the United States.
The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to the job.
Years of Relevant Work Experience:
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.
2+ years of previous leadership experience
- Experience in IT Risk and Controls Testing
- Experience in identifying Technology, Cybersecurity, and Operational Risks
- Experience with NIST Cyber Security Framework and NIST 800-37 Risk Management Framework
- Support in defining risk assessment methodologies
- Likelihood, rating/scoring, criteria definitions, probabilities, realized risk
- Support in risk scoring and risk prioritization
- Experience in Assessing IT Risks
- Support in defining inherent and residual risk and rationale
- Knowledge of Risk: Impacts, likelihood, control environment, residual risk, risk tolerance
- Experience in GRC and compliance controls
- Experience supporting risk compliance, and external audits
- Knowledge in PCI, SOX, CCPA, PII, NIST, ISO, CSF, other risk frameworks
- Experience in GRC tools and control/risk statements
- Action Oriented
- Drives Engagement
- Communicates Effectively
- Customer Focus
- Drives Results
- Manages Conflict