Discovery is at the core of everything we do – whether it’s a great value, incredible style, or building long-lasting partnerships with people around the world. That’s what makes TJX different. You can find it all across our brands: TJ Maxx, Marshalls, HomeGoods, Sierra, and Homesense. Every one of our brands has one thing in common: environments that are always changing. That’s just how we like it. Every day is an opportunity to discover something new about our business, our partnerships, and even about yourself. Come discover what different can mean for you.
Want to make an impact?
We are looking for a Senior IT Security Analyst to join our Vulnerability Management Program!
In this role, you will perform basic risk assessments and security reviews to ensure compliance with internal policies, standards and regulatory requirements. This will include performing root cause analysis, investigating and resolving security incidents, identifying security risks and exposures, determining causes of security violations, and designing, recommending and tracking procedures to mitigate future incidents.
You will also proactively determine if an event needs to be raised to management, recommend a course of action for low to medium complexity situations and provide input and recommendations to management to change current procedures.
You will work with IT partners to provide technical and process expertise across a broad range of vulnerability management work efforts.
A successful candidate will demonstrate an ability to work independently and in an organized manner. They will communicate very effectively and manage their workload independently. They will demonstrate strong technical ability and experience, as well as the ability to work calmly under pressure. They must act with integrity, take pride in their work, seek to excel, be curious and adaptable.
This is a US-based global role with some negotiable travel requirement.
Additional Responsibilities Include:
- Using vulnerability scanning tools, application security testing solutions and network assessment utilities to identify security vulnerabilities.
- Performing vulnerability scans and developing applicable vulnerability reports for House systems.
- Analyzing scan results and engaging with stakeholders to resolve identified vulnerabilities; documenting exceptions and false positives.
- Communicating appropriate vendor and scan system recommended solutions as part of comprehensive remediation solutions.
- Following up with owners to ensure remediation efforts are consistent with policy and raising instances of noncompliance.
- Tracking progress of vulnerability remediation with responsible partners and support teams.
- Performing deep-dive analysis of vulnerabilities leveraging data from various sources; analyzing data sources and providing recommendations for optimal reports.
- Reviewing and prioritizing the severity of vulnerabilities using CVSS and custom risk models.
- Assisting in maintaining asset, configuration management and vulnerability databases. Working with Cybersecurity staff to solve performance and connectivity issues with network scanning and security assessment tools.
- Supporting Business Intelligence (BI) and reporting efforts through building tailored analytics solutions, managing dashboards, and reporting to stakeholders.
Requirements:
- Experience operating vulnerability and compliance scanning tools such as Rapid7 Nexpose, Tenable Nessus, Veracode, etc.
- Must have the ability to identify and assess the severity and potential impact of risks and communicate findings to risk owners in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- Decision-making capabilities, with a moderate ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- Able to apply current threats to the TJX business model.
- Familiar with IT policies, laws, standards and frameworks applicable to the specific technical role e.g. ISO27000, COSO, NIST-800, PCI-DSS, etc.
- Able to assist in the development of risk and compliance management processes and workflows.
- Basic knowledge of IT risk and compliance, security architecture design, network security, cloud/mobile security, data security and internal/external threat intelligence/analysis.
- Internal Audit experience is a plus.
- Strong verbal and non-verbal communication skills; able to communicate/present technical security details to a wide range of audiences.
- Solid working knowledge with MS Office.
- May provide guidance and training to more junior associates.
- May provide budgetary recommendations for future projects/security tools/applications.
- Bachelor’s Degree in Computer Science, MIS, Information Security or related field, or equivalent experience. Up to date professional qualifications such as CISM, CRISC, CISA, or CISSP certifications preferred.
A successful candidate will demonstrate an ability to work independently and in an organized manner, communicate effectively and manage their workload independently. They will demonstrate strong technical ability and experience, as well as the ability to work calmly under pressure. They must act with integrity, take pride in their work, seek to excel, be curious and adaptable.
Discover Different at TJX means opportunity, teamwork, and career growth. That’s why working here is so much more than a job. When you’re a part of our TJX family, you have the full support of a diverse, close-knit group of people that work together to deliver the best value and style in the business. Our inventory is always changing and our approach is continually evolving, which means every day is another chance to Discover Different.
We care about our culture, but we also prioritize the tangible stuff – competitive pay, great benefits, and a great group of people.
We consider all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity and expression, marital or military status. We also provide reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.