Lowe's Sr Manager, Information Security in Mooresville, North Carolina

Starting rate of pay may vary based on factors including, but not limited to, position offered, location, education, training, and/or experience. For information regarding our benefit programs and eligibility, please visit https://talent.lowes.com/us/en/benefits .

Job Summary:

The primary purpose of this role is to manage a team of professionals focused on the identification and treatment of potential information security risks to the environment. This role will engage across Lowe's to assess, monitor and govern cyber risks to optimize our risk profile. This job also maintains proper assessment of threats, management of industry trends and the monitoring of different environments to minimize information security and risk exposure for the organization. In addition, this role provides insight and recommendations to inform the ongoing strategy for health and care of assigned security processes and tools.

The Sr. Manager is accountable for proactive identification, management and escalation of compliance and operational risks through the execution of some or all of the below identified activities. This role exercises judgment, influence and may constructively challenge leaders to support the Information Security Program objectives, balancing business strategy within Lowe’s risk tolerance.

The Sr. Manager plans, drives and reviews team deliverables to support consistent quality of activities, processes and outputs. The ideal candidate will be a highly motivated self-starter who can deliver results with minimal direction and excels at effective communication at various levels in the organization. This role will be responsible for providing leadership direction to attract, assess, develop, motivate and retain a team.

Note: This role can be remote with some in-office collaboration, as required (e.g., quarterly).

Key Responsibilities:

Serves as an escalation point for complex or unresolved technology security issues; manages escalated issues effectively or further escalates issues to senior management when appropriate; raises business risks associated with technical issues to senior management

Manages reports and documents drafted by team members regarding potential risks in different environments based on research findings and industry trends.

Oversees the improvement of cyber engagement across the organization by providing cyber security inputs to appropriately secure technologies and strategic initiatives

Deals effectively with ambiguous and unstructured problems and situations.

Provides assessments, monitoring, and reporting of information security risks

Works with business partners and colleagues to institute risk mitigating controls where necessary

Produces and/or oversees the development of independent risk management reporting for respective area(s) of coverage as input to governance and management routines

Provides subject matter expertise to assist in establishing an annual learning plan, may be accountable for developing and delivering training content

Provides guidance on information security-owned policies, standards and procedures to ensure regulatory and operational risk requirements are appropriately addressed, inclusive of conduct risk as applicable

Contributes to or leads development of risk coverage plans, executes and / or oversees execution of independent risk monitoring, testing and risk assessments, communicates results

Ensures metrics are designed to measure key risks and control performance, monitors and reports on metric performance and breach remediation

Leads collaboration with technical teams to identify, resolve, and mitigate information security risk findings

Provides direction to team(s) (often dispersed globally between US and India), ensuring team members deliver work that meets customer requirements as well as internal team objectives

Communicates the vision for the overall function to team members, ensuring everyone understands the team's

Works cross-functionally to manage and organize work processes and ensure the most efficient and effective workflow of enterprise-level security programs

Leads the implementation of various information security projects to ensure strong governance and/or operations across Information Security at Lowe’s

Leads efforts to document team processes, procedures and guidelines as needed to support operations and audit requirements

Protects the integrity, confidentiality, and availability of information in the custody of or processed by the company

Reports against Objectives and Key Results (OKRs) that demonstrate the level of compliance with Information Security Management; provides feedback to help evolve the OKR strategy

Reviews the development of processes to best monitor different environments using security tools to identify possible threats and risks to the organization's network environment.

Experience building compelling dashboards and reports for executive reporting

Advanced analytical skills that demonstrate their ability to learn how to navigate systems, access data, reconcile numbers from different sources, identify discrepancies and understand drivers of change within data


Required Qualifications:

• Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)

• 8 years of IT experience with a broad range of exposure to all aspects of business/system planning, analysis, and application development

• 3 years of experience leading project or technical teams with or without formal direct report responsibility; this includes experience providing technical direction, thought leadership, coaching and mentoring to team members

• 4 years of experience with information security tools, concepts and practices

• Familiarity with multi-platform technology environments and their operational/security considerations

• Experience managing projects and project resources to meet goals on simultaneous/multiple projects

Preferred Qualifications:

• Master's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field

• IT experience in the retail industry

• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPEN)

• Experience in a PCI/Retail technology environment

• 4 years of experience in one or more of the following fields: technical, security or privacy education/training, information security, external/internal audit, risk management (specific to Security Governance, Risk and Compliance role)

• 3 years of experience conducting or leading PCI-DSS assessments (specific to Security Governance, Risk and Compliance role)

EEO Statement

Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.

Pay Range for Colorado and New York: $81,200.00 - $225,000.00 annually