Job Information
Love's Travel Stops & Country Stores Cyber Security Analyst III in Oklahoma City, Oklahoma
Req ID: 439469
BASIC PURPOSE : The Cyber Security Analyst III - SecGRC provides leadership, advice, and expertise to IT staff and other departments related to Information Security issues. The Analyst III represents Information Security interests in projects internal and external to the department, performs risk and vulnerability assessments of new and existing applications and platforms, directs security-related data governance tasks, ensures compliance with applicable regulatory requirements, creates policy and process documentation, and otherwise contributes to the development and maintenance of a sound Information Security program. The Analyst III mentors less-experienced Information Security staff and may direct the activity of other SecGRC team members. The Cyber Security Analyst III - SecGRC reports to the Supervisor of Information Security - SecGRC.
MAJOR RESPONSIBILITIES:
Leads Information Security projects, including defining objectives, scope, and tasks
Represents the Information Security team in projects internal and external to the department
Defines and performs project-related tasks
Leads Information Security risk and vulnerability assessment processes
Counsels teams on the management of residual risk based on product, platform, or system design
Researches the internal and external threat landscape, conducts vulnerability analysis on emerging risks to the organization, and recommends remediation activities to management and other teams
Drafts and maintains risk and vulnerability assessment documentation
Leads risk and vulnerability remediation efforts
Leads data governance tasks
Leads regulatory compliance tasks, processes, and audit functions (PCI, Data Privacy Law, HIPAA, etc.)
Drafts and maintains compliance-related documentation
Drafts and maintains Information Security policy, process, and procedure documentation
Drafts and maintains Information Technology policy, process, and procedure documentation applicable to the broader Love’s IT infrastructure
Produces as-is and to-be process flows depicting process efficiencies and improvements
Drafts and maintains security awareness training content and material for distribution across multiple delivery methods, including but not limited to computer-based training (CBT), e-mail, SharePoint sites, and live training
Administers Information Security applications and platforms
Works with third-party support and security equipment vendors
Participates in the Computer Incident Response Team, as needed, typically focusing on lessons learned and post-event improvement
Mentors SecGRC team members in sound information security processes to protect the confidentiality, integrity, and available of Love’s information technology assets
Other duties assigned as needed
EDUCATION AND EXPERIENCE:
Education:
Bachelor’s Degree in Information Security, Information Technology, or a related discipline preferred
ISC2 Certified Information Systems Security Professional (CISSP), ISACA Certified in Risk and Information Systems Control (CRISC), GIAC Information Security Professional (GISP), CompTIA Advanced Security Practitioner (CASP+), or other advanced security / compliance / IT generalist certification preferred
Experience:
Minimum of 5 years’ experience in an Information Security role is preferred
Advanced knowledge of Information Security principles and practices to include, but not limited to, the following areas: Security Architecture, Risk and Vulnerability Management, Cloud Platform Security, Network-Based Security, Host-Based Security, Public Key Infrastructure (PKI), Security Information and Event Management (SIEM), Encryption, Data Loss Prevention (DLP), Malware Prevention required
Experience or knowledge in cloud-based security architecture is preferred
General IT experience (System Admin, Network Admin, etc.) preferred
Knowledge and understanding of Project Management principles and methodologies is a plus
Knowledge and understanding of Software Development Lifecycle (SDLC) is a plus
SKILLS AND PHYSICAL DEMANDS:
Skills:
Extensive knowledge of information security best practices
Knowledge of applicable data privacy practices and laws
Ability to conduct research into issues and products as required
Ability to prioritize/execute tasks and make sound decisions in a high-pressure, fast-moving environment
Comfortable acting independently and making best-judgment decisions with limited information
Strong interpersonal written and oral communication skills
Ability to present ideas in a user-friendly language
Highly self-motivated and directed
Keen attention to detail
Proven analytical and problem-solving abilities
Ability to perform general mathematical calculations for the purpose of creating need assessments and budgets
Strong customer service orientation; experience working in a team-oriented, collaborative environment
Typical Physical Demands:
Requires prolonged sitting, some bending and stooping
Occasional lifting up to 25 pounds
Manual dexterity sufficient to operate a computer keyboard and calculator
Requires normal range of hearing and vision
key words: CCPI, GDPR, data governance, data privacy, MS Office 365 compliance, MS Purview, compliance analyst, data privacy analyst, data labeling, data retention, DLP, data loss prevention, records retention schedule
Job Function(s): Information Technology
Love’s has been fueling customers’ journeys since 1964. Innovation and perseverance continue to lead the way for the family-owned and -operated business headquartered in Oklahoma City with more than 40,000 team members in North America and Europe. The company’s core business is travel stops and convenience stores with more than 630 locations in 42 states. Love’s continues its commitment to offer products and services that provide value for professional drivers, fleets, four-wheel customers, RVers, alternative fuel and wholesale fuel customers. Giving back to communities Love’s serves and maintaining an inclusive and diverse workplace are hallmarks of the company’s award-winning culture.
The Love’s Family of Companies includes:
Gemini Motor Transport, one of the industry’s safest trucking fleets.
Speedco and Love’s Truck Care, the largest oil change and preventive maintenance and total truck care network.
Musket, a rapidly growing, Houston-based commodities supplier and trader.
Trillium, a Houston-based alternative fuels expert.
TVC Pro-driver, a commercial driver’s license (CDL) protection subscription service.
EOE-Protected Veterans/Disability
Love's Travel Stops & Country Stores
- Love's Travel Stops & Country Stores Jobs