Lowe's - Charlotte, NC

posted 4 months ago

Full-time - Mid Level
Charlotte, NC
10,001+ employees
Building Material and Garden Equipment and Supplies Dealers

About the position

The primary purpose of the Lead Analyst, Information Security role is to support the IT Security Compliance team's continuous compliance program. This includes executing and improving processes and procedures with occasional guidance from senior-level security leaders. The Lead Analyst will manage and coordinate all activities related to the continuous SOX and security compliance processes. This position is responsible for leading a workstream in assessing and implementing SOX controls that support large, complex IT modernization initiatives, which are crucial for key business and technology strategies with enterprise-wide impact. The role encompasses overseeing all activities including planning, program execution, control testing, and reporting for assigned workstreams. Additionally, the Lead Analyst will provide critical input into the long-term strategy for technology security across all domains and platforms, offering direction and indirect people leadership in a matrixed management environment. In this role, the Lead Analyst will work closely with various groups and levels of leadership within Lowe's Tech, including the Executive Leadership Team. They will develop written reports of varying depth on short deadlines, with minimal supervision, ensuring the technical level of detail is appropriate for the audience. The Lead Analyst will collaborate with technical and business teams responsible for major financial system modernization efforts to determine SOX impact and assist in designing the relevant SOX controls. They will identify and scope improvement opportunities in the SOX area, working to bring these opportunities to fruition while defining appropriate controls. Conducting IT and adjacent process walkthroughs will be essential to ensure that control objectives are met and sufficient coverage is maintained. 
The Lead Analyst will interface with management on all required activities and with Internal and External audit teams regarding SOX scoping and controls definition, providing reasonable support during the audit lifecycle. They will also provide oversight, direction, and mentoring to IT Security Compliance analysts, sharing an in-depth understanding of company and industry methodologies, policies, standards, and controls. Building and maintaining effective working relationships with key business stakeholders is crucial, as is supporting management in developing robust action plans to address deficiencies and ensure prompt remediation of issues. The Lead Analyst will support internal team initiatives by delivering high-quality technical assessments and providing insight and consultation to ensure that new and existing security solutions are developed with an understanding of industry best practices, strategies, and architectures. Recommendations for process or technology changes will also be part of their responsibilities, along with developing tools or processes to operationalize and improve workflows. Finally, the Lead Analyst will partner with senior key stakeholders to develop and/or update Information Security documents such as policies, standards, procedures, and training materials.

Responsibilities

  • Support the IT Security Compliance team's continuous compliance program.
  • Manage and coordinate all activities of the continuous SOX and security compliance processes.
  • Lead a workstream in assessing and implementing SOX controls for IT modernization initiatives.
  • Oversee planning, program execution, control testing, and reporting for assigned workstreams.
  • Provide critical input into the long-term strategy for technology security across all domains and platforms.
  • Develop written reports on short deadlines with minimal supervision.
  • Collaborate with technical and business teams to determine SOX impact and design relevant SOX controls.
  • Identify and scope improvement opportunities in the SOX area and define appropriate controls.
  • Conduct IT and adjacent process walkthroughs to ensure control objectives are met.
  • Interface with management and audit teams regarding SOX scoping and controls definition.
  • Provide oversight, direction, and mentoring to IT Security Compliance analysts.
  • Build and maintain effective working relationships with key business stakeholders.
  • Support management in developing action plans to address deficiencies and ensure prompt remediation.
  • Deliver high-quality technical assessments and provide insight into security solutions.
  • Make recommendations for process or technology changes.
  • Develop tools or processes to improve workflows.
  • Partner with stakeholders to develop/update Information Security documents.

Requirements

  • Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience).
  • 3 years of experience developing cybersecurity or information assurance policies, standards, or training.
  • 3 years of experience conducting assessments or technical reviews to analyze risk.
  • Experience with information security programs, audits, and SOX compliance.
  • 6 years of experience in information security compliance.
  • Advanced understanding of fundamental security and network concepts (Windows and Unix security, endpoint security, logging and monitoring, application security, user access, perimeter protection principles, etc.).
  • Self-motivated, reliable, and follows through on commitments.
  • Solutions-focused with a strong work ethic and desire to achieve excellence.
  • Highly flexible and adaptable within a rapid and changing work environment.

Nice-to-haves

  • IT security compliance experience in the retail industry.
  • Experience in a PCI/Retail technology environment.
  • Big 4 internal or external audit experience.
  • Relevant information security certifications (e.g., CISA, CISSP, PCI-P, ISA, CISM, CEH, CRISC, OSCP, GPEN).
  • Demonstrated understanding of internal security controls and risk assessment.
  • Intermediate knowledge of vulnerability management and associated risks.
  • Excellent communication and interpersonal skills with success in working across organizations at all levels.

Benefits

  • Health insurance
  • Dental insurance
  • Vision insurance
  • 401(k) retirement plan
  • Paid holidays
  • Paid time off (PTO)
  • Flexible scheduling options
  • Employee discount programs
  • Tuition reimbursement
  • Professional development opportunities