Lead Cyber Risk Analyst

Description

Your Role

The Lead Cyber Risk Analyst is responsible for developing, implementing, and maturing VS&CO information security risk framework to help ensure cyber risks are consistently and effectively identified, prioritized, articulated, and reported.

Why You Belong Here

At Victoria’s Secret, we acknowledge your value. We recognize that every associate has something unique to add to our brand and business. We strive to recruit, retain, and advance diverse talent that reflects the customers we serve and the communities where we live and work. We foster a culture where everyone belongs because we know our business thrives most when we look for, listen to, and amplify diversity, equity, and inclusion.

We place the customer at the heart of everything we do. We dream big, embrace curiosity and creativity while always learning from our mistakes. We lead with integrity, trust, and respect to achieve the best outcomes as one team.

Your Impact

• Develop, implement, and mature security risk management framework, including risk methodology (FAIR, FAIR-MAM, FAIR-CAM), risk analysis, and risk reporting.
• Build relationships with other cybersecurity team members and technical teams to develop knowledge of VS&CO system environments, threat landscape, attack paths, and technical controls.
• Build relationships with business partners to leverage key business metrics and business impacts in our risk analysis.
• Develop risk scenarios that are meaningful to our stakeholders, both business and technical.
• Establish, maintain, and mature security risk register.
• Identify evolving risk scenarios for analysis.
• Communicate cyber risk to stakeholders in timely fashion to inform decision making.
• Peer review identified risks and analysis by other analysts.
• Gather, analyze, and report status and metrics on risks.
• Develop and mature risk management dashboards and reports to inform risk prioritization, risk remediation, and cyber leadership decision making.
• Develop subject matter expertise in using our cyber risk quantification software and partner with our software vendor in the support of the platform.
  
  

Click here for benefit details related to this position.

Minimum Salary: $107,000.00

Maximum Salary: $145,950.00

VS&Co provides a range of compensation for this role as shown. Your actual salary will be determined by a number of factors, including: your specific skills and experience, geographic region, or other relevant factors.

Qualifications

Your Experience

• 5+ years of experience in information security, risk management and/or IT (Information Technology) audit fields.
• Bachelor’s Degree in Information Technology/Information Security/Mathematics/Business preferred.
• Solid communication and cross-functional collaboration skills.
• Certifications preferred: FAIR fundamentals, FAIR analyst, CRISC
• Strong analytical, research, and problem-solving skills.
• Experience in qualitative and quantitative risk assessment.
• Experience mentoring junior staff.
• Experience leading meetings with cross functional teams to collect information.
  
  

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws. Please see links: California Fair Chance Act, Los Angeles Fair Chance Initiative for Hiring Ordinance, Philadelphia Fair Chance Law, San Francisco Fair Chance Ordinance, Los Angeles County Fair Chance Ordinance

An equal opportunity employer, we do not discriminate in hiring or terms and conditions of employment because of an individual’s race, color, religion, gender, gender identity, national origin, citizenship, age, disability, sexual orientation, marital status or any other protected category recognized by state, federal or local laws. We only hire individuals authorized for employment in the United States.