Summary

AutoZone is looking for a professional who has a deep understanding of privacy, governance, and assessment of enterprise portfolio management, cybersecurity, regulatory, vendor management, security training, and data management. This person will be responsible for the execution, and delivery of ITGRC programs to mature the privacy, governance, risk and compliance practices at AutoZone and positively impact related information security risks. We need a passionate individual who can scale across roles and is flexible to work with a diverse team. This role will collaborate globally with internal stakeholders from every functional area to ensure engagements are addressing current and emerging threats, resulting in the protection of AutoZone’s sensitive data. This includes teaching domain expertise, providing technical guidance and mentoring, supporting the customers, resolving problems, and training as required.

Responsibilities

• Identify security concerns and mitigating controls; identify, document, and manage risks to AutoZone data, systems, and processes.
• Accurate work planning and execution; accurate project and time tracking.
• Teaching, coaching, and technical mentoring security subject matter expertise to less senior security analysts and engineers.

• Work collaboratively with department and organizational leadership to define and manage Third Party Risk Management best practices
• Provide direction and oversight of enterprise security training workflows, assessment gaps, information security risks, and remediation recommendations
• Oversee and direct a variety of security risk assessments with AutoZone’s community, providing advisory support to the business partners on the evaluation of risks, development of remediation plans.
• Partner with external stakeholders to define and implement processes that result in the reduction of cyber risk
• Drive the enhancement and use of Governance, Risk, and Compliance technology-based tools to record risk levels, automate risk assessments, and facilitate risk monitoring
• Mentor team members on information security controls, standards and best practices related to applicable cybersecurity, privacy regulations, and third-party digital risk
• Assist internal auditors with special projects and oversee remediation completion and reporting
• Forge partnerships with internal stakeholders through the delivery of "Value" risk management and advisory services
• Administer risk assessments for the US, Mexico, Brazil and China vendors researching global risk, privacy and compliance regulations and standards
• Write, communicate and present reports, including executive summaries, detailing the assessment work completed, evidence reviewed, identified risks and recommended next steps for vendor engagement

• Partner closely with Legal team to drive customer satisfaction by jointly conducting reviews and streamlining communication among all parties

Required Skills & Experience

• Bachelor’s Degree or equivalent work experience
• Typically eight plus years’ security and / or cyber risk management experience in a mid- to large-enterprise environment
• Advanced task estimation, planning and execution skills
• Advanced problem solving, domain technical and analytical skills
• Advanced system design and implementation skills
• Advanced knowledge of more than one of the following functional areas:

• IT Security Training and Awareness
• Enterprise compliance, internal/external audits, and risk management - methods and techniques for the assessment and management of risk
• Risk management and compliance program development leveraging HIPAA, Sarbanes Oxley (SOX), FERPA, PCI DSS, Information Security awareness, policy and standards
• TPRM Program experience
• Experience in IT Security, Governance, standards, frameworks, and controls such as HITRUST, SOC, NIST, COBIT FFIEC, COSO, ISO-31000, and PCI-DSS Experience with large enterprise system platforms such as EMR/EHR, PeopleSoft, Oracle databases, Windows and UNIX/LINUX
• Cloud-based application/environment security requirements
• Project Management experience
• Ability to operate as a self-motivated, pro-active, and result-driven problem solver with excellent analytical and interpersonal skills
• Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles
• Ability to work with diverse contacts throughout the world to achieve results
• Ability to communicate technical issues to non-technical people
• Ability to apply sound judgment in evaluating risks and controls; effectively challenge the business on the identification and acceptance of risks and the adequacy of controls
• Privacy knowledge – CCPA/CPRA, LGPD, GDPR, etc.

Qualifications Preferred:

• One or more of the following Certifications (preferred): CISSP, CIPP Series, CGEIT, CISM, CISA, CRISC, PMP.