
Associate Program Manager, Information Security Controls (Remote)
Brand: Best Buy

The selected candidate will be responsible for the ongoing management and activities within the information security risk program which include controls identification, implementation, monitoring, and validation. The Associate Program Manager, Information Security Risk Management, will provide subject matter expertise to implement and enhance the information security risk management controls practices based on a defined framework and methodology.

To be successful in this role, the selected candidate will need to be comfortable building relationships and driving change through advocacy and influence. They should have an understanding of various information security frameworks, such as NIST 800-30, while also possessing foundational IT competencies. This is a great opportunity for the right individual who is excited about working cross-functionally across all aspects of information security risk.

  • Participate in the development of the information security risk management program, including participation in broader enterprise risk management activities.
  • Maintain Information Security Common Controls framework within the Archer GRC tool.
  • Identify and develop new Information Security Controls to mitigate areas of risk.
  • Build control ownership training materials and train control owners/performers on responsibilities.
  • Create and monitor controls dashboards and deliver reports to leadership.
  • Evaluate and validate information security controls for effectiveness.
  • Develop Information Security Controls process documentation.
  • Identify, collect, and analyze Information Security data to identify trends and make recommendations to reduce Information Security risk.
  • Monitor Issue Management Findings as they relate to ineffective controls.
  • Provide expertise based on industry experience and knowledge to ensure Best Buy remains in compliance with applicable standards and regulations, including evolving data security privacy principles.
Minimum Qualifications
  • 5 or more years of work experience within Information Security, Risk and Compliance, Information Technology, or IT Audit.
Preferred Qualifications
  • Bachelor's or advanced degree in Business, IT, Computer Science, Engineering, or related field or equivalent work experience
  • 1 or more years of experience with creating and documenting risk methodologies, maintaining risk registers, or operating a common controls framework.
  • Familiar with Archer or other Governance, Risk and Compliance (GRC) tools
  • Effective communicator, relationship builder, and advocate for sound risk management practices.
  • Excellent written and oral communication skills, interpersonal skills, and effective skills to support risk programs.
  • Ability to communicate effectively across all levels of the organization; provide formal reports and presentations to senior executives as required.
  • Knowledge of NIST and HIPAA/HITRUST; general understanding of other governance frameworks, such as PCI, Sarbanes-Oxley (SOX), and COBIT, a plus.
  • Certifications such as CISSP/CISM/CRISC are desired.

Auto Req. ID: 795412BR
Employment Category: Full Time
Job Category: Enterprise Risk/Information Security & Compliance
Job Level: Individual Contributor
Location Number: 957473-105-Risk & Compliance
Address: 7601 Penn Avenue South
