Here at Discount Tire, we celebrate the spirit of our people with extraordinary pride and enthusiasm. Our business has been growing for more than 60 years, and now is the best time in our history to join us. We are opening more locations every year and we are always looking for qualified individuals to join us in our growth. We are a company that promotes from within, both in our retail and corporate operations.
Oversees PCI-DSS program compliance, security policy, and standards. Governs the Microsoft O365 security and compliance portal, exceptions, and reporting. Ensures information security program compliance through engagement across all IT teams. Collaborates across the IT, Finance, Legal & Risk business segments on various security and compliance activities.
Essential Duties and Responsibilities:
- Manage the PCI-DSS program through collaboration with stakeholders, including but not limited to meeting facilitation, reporting, evidence collection/tracking, remediation, and development of responses.
- Define and manage security and data governance policies across O365 locations, identities, and applications. Stay up to speed on the organization's data in O365.
- Analyze security vulnerability scan results, prioritize vulnerabilities, and collaborate across IT teams to mitigate risks to an acceptable level.
- Assist in the formation and execution of information management framework, policy, and standards for data loss prevention, privacy, data classification, and retention of digital information.
- Implement information security best practices which align with industry standards in support of the IT business segment and information security strategy.
- Collaborate with the Security Operations Center (SOC); assist with creation of repeatable process documentation, Microsoft O365 alert monitoring, and incident response playbooks.
- Ensure adherence to IT security and enterprise governance standards, processes and controls.
- Create end user security awareness related to Microsoft O365 through participation in the delivery of information security best practices and threat remediation; view and investigate threats to users, review security analytics and reports across O365 products, and stay up to speed on the threat landscape.
- Participate as a member of the Incident Response Team (IRT), focusing on security event response, forensic investigations and incident recovery.
- Assist employees, vendors or other customers by answering questions related to security governance policies, processes and procedures.
- Stay current on the latest security and IT industry technologies, trends and strategies.
- Complete work in a timely and accurate manner while providing exceptional customer service.
- Other duties as assigned.
- This position requires a minimum of 5 years of information security experience with progressive complexity and responsibility.
- A minimum of 5 years' experience with information security and data governance required.
- Demonstrated ability to analyze process workflows and identify security gaps and bottlenecks is required.
- Ability to communicate across all levels of the organization, articulate technical ideas to a non-technical audience, both verbally and in writing, is required.
- Microsoft O365 security and compliance portal administration highly desired.
- Proven knowledge of information security tools, including, but not limited to, intrusion prevention, vulnerability scanning, syslog, firewall policies, reverse proxy and authentication highly desired.
- Demonstrated knowledge of PCI-DSS standards is preferred.
- Corporate retail experience is preferred.
- Experience in identifying issues, performing root cause analysis, identifying relevant business risks is preferred.
- Demonstrated critical thinking a plus.
- Demonstrated ability to work efficiently under pressure, accurately meet deadlines, present a professional demeanor and work well independently is essential. In addition, troubleshooting and organizational skills with a can-do attitude and the ability to adjust to changing requirements are essential to success for this position.
- Maintaining confidentiality, treating others with respect and upholding Company values is a must.
- This position requires an associate or bachelor's degree in Computer Science, Business, Criminal Law or related field or equivalent experience.
- Security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA Security+, or Systems Security Certified Practitioner (SSCP) highly desired.
- Microsoft security or administrator certifications a plus.
Normal work days are Monday through Friday. Occasional Saturdays and Sundays may be necessary.
Normal work hours are 8:00 a.m. to 5:00 p.m. Additional hours may be necessary.