Headquartered in Columbus, Ohio, Big Lots, Inc. (NYSE: BIG) is a Fortune 500 discount retailer operating more than 1,400 Big Lots stores in 47 states with product assortments in the merchandise categories of Food, Consumables, Furniture, Seasonal, Soft Home, Hard Home, and Electronics & Accessories. Our vision is to be recognized for providing an outstanding shopping experience for our customers, valuing and developing our associates, and creating growth for our shareholders. Big Lots supports the communities it serves through the Big Lots Foundation, a charitable organization focused on four areas of need: hunger, housing, healthcare, and education.
The Sr. Information Security Analyst manages various information security initiatives, projects, and systems to provide a secure computing environment. Provides design recommendations for implementing new information security systems and products.
Essential Duties and Responsibilities (include but are not limited to the following):
1. Manages and maintains a network intrusion detection system.
2. Manages and maintains a security information management system.
3. Manages and maintains a change detection system.
4. Monitors networked systems for indications of anomalous activity and security breaches.
5. Manages and maintains a vulnerability discovery and management system. Provides reports on specific vulnerabilities as well as overall state of risk in the computing environment.
6. Conducts information security assessments and risk analysis of computing environment.
7. Manages remediation efforts with Information Technology organization when vulnerabilities are identified.
8. Manages, performs and maintains compliance efforts with various laws and industry regulations including Payment Card Industry Data Security Standards (PCI-DSS), Sarbanes-Oxley (SOX) and HIPAA.
9. Reviews application code to identify vulnerabilities; develops and recommends remediation plans.
10. Provides technical support for e-Commerce fraud investigations.
11. Conducts computer forensics examinations and assist with e-discovery efforts as necessary.
12. Conducts investigations of computer security events and assists with remediation where applicable.
13. Completes components of incident response plan as directed.
14. Assists with enterprise-wide information security awareness program.
15. Assists in the training and development of departmental associates as needed.
1. College Degree in computer science or related field or equivalent experience required.
2. Minimum of five years experience in an Information Technology field with a minimum of three years in an Information Technology Security function required. Experience in a retail company preferred.
3. MCSA, MCSE, CCNA, Security +, or CISSP certifications preferred.
4. Expert knowledge of network security systems including intrusion detection, firewalls, change detection, vulnerability scanners and security information management tools required.
5. Previous system administration and/or network/data communications experience preferred.
6. Previous experience with performing application security reviews, software developer or background with writing automated scripts preferred.
7. Expert knowledge of Windows and Linux operating systems required.
8. Expert knowledge of core internet and network protocols required. (e.g., TCP/IP, DNS, SMTP, HTTP etc.)
9. Strong interpersonal skills with the ability to develop alliances with key stakeholders.
10. Ability to work extended hours, drive an automobile and travel as required.
: Information Technology