Company: Driven Brands
We invite you to join us at Driven Brands!
Headquartered in Charlotte, NC, Driven Brands (NASDAQ: DRVN) is the largest automotive services company in North America, providing a range of consumer and commercial automotive needs, including paint, collision, glass, vehicle repair, oil change, maintenance and car wash.
With over 4,500 centers in 15 countries, Driven Brands is the parent company of some of North America’s leading automotive service brands including Take 5 Oil Change, Take 5 Car Wash, Driven Glass, Meineke, Maaco, CARSTAR, and more. Our network services over 50 million vehicles annually and generates more than $5 billion in system-wide sales each year.
Our culture inspires high performance and innovation, enabling our employees to go further, faster in their careers. With amazing people and great brands, we confidently look forward to exciting growth ahead, and believe in following the values that support this vision.
JOB DESCRIPTION:
Driven Brands Information Security Team is seeking an experienced and highly motivated individual to join our team as an Information Security Senior Analyst. This position will perform risk assessments, audit and review security controls, write findings, make appropriate recommendations for improvement and track outcomes from those activities.
This position will also review and analyze risks with 3rd party vendors and suppliers, collaborate with vendors and multiple teams across IT, and evaluate business processes from a security perspective to enhance the organization's security posture. Our ideal candidate will understand regulatory security guidance emphasizing NIST controls.
Responsibilities
- Perform risk assessments and audit reviews and make appropriate recommendations for improvement.
- Develop and formulate comprehensive reports detailing the findings, areas of non-compliance, required POA&Ms (Plan of Action and Milestones), environmental observations, and incident reports.
- Review, update, and manage security-related audit plans, security plans, and risk plan documentation for accuracy and consistency, proactively solving problems.
- Prepare audit documentation that supports audit results, drafting and editing audit findings to adhere to the standards and the agency's writing style.
- Collect and review evidence to ensure we can attest security controls are operating effectively.
- Develop, review, and manage IT Policies, Procedures, Standards, and Guidelines.
- Research agency and industry IT security best practices, standards, laws, regulations, and other applicable resources, to ensure security and privacy framework compliance.
- Direct third-party security risk assessments and research and recommend remediation plans and strategies.
- Create reports, summaries, presentations, and process documents to display results.
- Influence and negotiate appropriate actions to mitigate or prevent failures related to identified risks.
- Collaborate with other team members and external and internal auditors to analyze and present data effectively.
- As needed, assist with security project implementations related to risk management or internal team needs.
- Keep informed of current risks, security issues, threats, protection strategies, or legal and regulatory developments.
- Serve as a mentor to less experienced staff.
Qualifications
- Bachelor’s Degree or security/compliance certifications.
- 2+ years of direct experience as a senior security analyst.
- Familiarity with security control frameworks such as NIST, ISO 27001, etc.
- Familiarity with privacy regulations such as CCPA, GDPR, etc.
- Ability to communicate effectively on complex issues.
- Must be a self-starter with the ability to manage multiple work assignments and priorities with urgent deadlines, maintaining excellent customer service skills, while working in a fast-paced team environment.
- Strong analytical, technical and communication (verbal and written) skills are required.
- Knowledge of IT Security concepts and controls.
- Candidate will also have experience with regulatory compliance from an Information Security perspective, broad knowledge across all information security domains, information security control testing experience, risk/compliance assessment experience, and technical writing skills.