Information Security Analyst; GRC-IRM
Listed on 2026-02-22
IT/Tech
Cybersecurity, Information Security, IT Consultant
Work Where You Matter
Company Overview
Dollar General Corporation has been delivering value to shoppers for more than 80 years. Dollar General helps shoppers Save time. Save money. Every day.® by offering products that are frequently used and replenished, such as food, snacks, health and beauty aids, cleaning supplies, basic apparel, housewares and seasonal items at everyday low prices in convenient neighborhood locations. Learn more at
Job Details
General Summary:
Responsible for working with the information security management team to administer the Company’s information security programs, maintain Sarbanes‑Oxley (SOX), HIPAA, and PCI DSS compliance programs, and support a variety of systems and applications. Contribute across a variety of IT projects and, as a team member, recommend, design, implement, administer, and support pragmatic information security controls that meet dynamic tactical and strategic objectives.
Primary focus is governance, risk, and compliance (“GRC”) / integrated risk management (“IRM”) processes, solutions, and support.
- Perform effective security risk assessments of services, solutions, and vendors by staying current with threat assessment techniques and trends, performing independent research to gather and document security posture information, identifying areas of risk and evaluating applicability and severity, tracking and centrally maintaining identified risk information, recommending risk remediation options, drafting comprehensive risk assessment reports, and collaborating with business owners to ensure identified risks are managed to appropriate remediation, transference, avoidance, or acceptance outcomes. (55%)
- Support defined Company operating principles; analyze, define, implement, and administer efficient business processes related to the information security program; support a variety of security technologies in a hands‑on manner; monitor service request queues and provide first‑tier support to internal customers, owning tickets and driving resolution; use project management best practices to initiate, manage, and close projects; and create and maintain documents related to projects and information security policies, standards, procedures, recommendations, etc. (20%)
- Analyze current and emerging security best practices and legal and industry regulatory compliance requirements for applicability, including ESG considerations. Stay current with associated security and industry trends, best practices, and standards such as PCI DSS, SOX, HIPAA, GDPR, CCPA. (10%)
- Administer, maintain, and continuously improve applicable regulatory and internal controls compliance programs; investigate known or suspected security incidents and support internal and external audits. (10%)
- Participate in meetings; build and maintain strong partnerships with multiple departments; participate in vendor support engagements; and perform other duties as required. (5%)
Skills and Abilities (KSAs)
- Understanding of pragmatic information security controls and holistic defense‑in‑depth strategies
- Understanding of current and emerging industry and information security technologies, risks, and trends
- Working knowledge of security frameworks such as SCF, NIST, ISO 27001, etc.
- Written and oral communication skills that enable effective communication to appropriate audiences
- Extreme attention to detail, always leaning toward caution
- Ability to learn and retain new skills required to adapt to evolving business and technical environments
- Ability to influence and motivate others
- Ability to occasionally work during non‑standard shifts and in an on‑call capacity, and be available for occasional travel (up to 5%)
Education: College degree or equivalent experience in information security or computer information systems.
Work Experience: Minimum 2‑3 years of information security experience, preferably in the GRC/IRM realm. Experience interpreting data from multiple sources to quantify potential risk and impact.
Technical Experience:
Hands‑on experience with Integrated Risk Management platforms (e.g., OneTrust, RSA Archer, ServiceNow, etc.), common controls frameworks (e.g., Secure Controls Framework, etc.), and threat intelligence platforms, feeds, and services.
Experience identifying and addressing security risks associated with host and network operating systems (e.g., Windows, Linux, AIX, AS400, PAN-OS, Cisco IOS, etc.); enterprise services (e.g., directory services, email, content management and collaboration, web publishing, database, virtualization, etc.); client‑server, thin‑client, and web‑based applications; enterprise applications; cloud services (e.g., SaaS, IaaS, etc.); data storage, security architecture, network communications technologies and protocols, etc.