
Senior Specialist, Third Party Security Risk Assessments
Brand: Best Buy

Best Buy places the highest importance on the confidentiality, availability and integrity of customer, company and employee information. As a member of Best Buy’s Enterprise Risk and Compliance team, you will play a critical role to ensure that customer, company and employee information is secure while enabling technology and business partners throughout Best Buy to innovate, drive sales and provide superior customer care in our stores, online and through our various contact channels.

Under the direction of the Chief Risk & Compliance Officer, Sr. Director and/or other department leadership, and in partnership with various areas of the company, the Senior Specialist, Third Party Security Risk Assessments will manage and execute risk assessments to identify, manage and communicate risk across the enterprise. This role will work with various teams within the Best Buy enterprise, including Privacy, Legal, IT and Procurement, to advise on third party risk topics including information security, privacy, business resiliency, compliance and insurance. In addition, supporting team processes will be a core job duty to ensure maintenance of reports, intake and other tasks as needed.

What will you do?
  • Conduct third party risk assessments of Best Buy vendors enterprise-wide.
    • Execute, coordinate and support risk assessments to identify and prioritize risks.
    • Facilitate and analyze responses with Risk Profiles to ensure the appropriate level of risk is assigned to each vendor service line.
    • Assess security risks and prioritize them based on existing, internally approved information risk ranking models.
    • Organize and maintain reporting within Archer eGRC to ensure that identified security risks are remediated in an appropriate manner.
    • Support team as need arises regarding Archer eGRC project, Mergers & Acquisition, PCI Compliance, Strategic Growth Office initiatives, and onsite assessments.
  • Advise partners regarding inherent and residual risk posed by third parties.
    • Effectively communicate roles and responsibilities pertaining to the assessment process and finding remediation with internal business teams and external vendors.
    • Assist in communications to and gaining buy-in from business partners on impact, likelihood and severity of risks in driving risk remediation efforts.
    • Collaborate with various audiences, including Security Architecture, Application Security, IT, BC/DR, Legal, Procurement and others.
  • Maintain relationships with teams enterprise-wide through clear, consistent communication.
    • Support team intake to ensure appropriate responses and resources are communicated to enterprise partners regarding general questions, assessment requests and other inquiries as needed.
    • Coordinate and support team presentations to cross-functional teams on the value of proactively engaging with the Third Party Risk team.

Basic Requirements (You must meet or exceed all basic requirements to be eligible):
  • Minimum 3 years of experience in Information Security, Risk Assessments and/or Auditing
  • 2 years' experience performing risk assessments or audits
  • Familiarity with the Payment Card Industry Data Security Standard (PCI DSS), NIST Cyber Security Framework (CSF), and ISO 27000 series
  • Willingness to travel 10%

Preferred Qualifications:
  • Bachelor’s degree (or 5+ years of general relevant experience)
  • Experience with Archer eGRC Platform (ability to create dashboards, iViews and basic reports).
  • Experience with Sharepoint and MS Office.
  • Ability to work with a start-up mentality inside of a large organization to provide security recommendations with the business strategy and goals in mind.
  • Strong interpersonal and communication skills with the ability to develop productive working relationships with technical and non-technical teams.
  • Ability to work in a fast-paced environment, both within a team and independently.
  • Ability to communicate issues to diverse audiences, orally and in writing, in an easily-understood and actionable manner
  • Ability to gather facts, insights to present thoughtful security recommendations to partners and leadership.
  • CISSP and/or CISA Certification
  • IT, information security, business administration, compliance, financial, audit and/or legal experience
  • Experience in Corporate Retail environment
  • Experience using eGRC tools for reporting risk metrics
  • Strong knowledge of IT and physical security controls.

How we take care of our employees!
In addition to offering a challenging and fulfilling opportunity, we have a competitive salary and bonus program, full benefits including 23 days of PTO (that is 4 weeks!), and a generous employee discount. Our campus has many amazing amenities, including: full cafeteria, fitness center, onsite discounted daycare, not 1 but 2 Caribou’s, US Bank, dry-cleaning service, company store, Farmers Market ONSITE every week, and free covered parking (you won’t have to brush snow off of your car in the winter!)

Auto Req. ID: 700159BR
Employment Category: Information Security - EIP
Job Level: Individual Contributor
Location Number: 957476-105-Policy and Governance
Address: 7601 Penn Avenue South

