Sr Manager, Information Security - Cyber Risk Management

Your ImpactThe primary purpose of this role is to manage a team of professionals focused on identifying and treating potential information security risks to the environment. This role will engage across Lowe's to assess, monitor, and govern cyber risks to optimize our risk profile. This job also maintains proper assessment of threats, management of industry trends, and the monitoring of different environments to minimize information security and risk exposure for the organization. In addition, this role provides insight and recommendations to inform the ongoing strategy for health and care of assigned security processes and tools.The Sr. Manager is accountable for proactive identification, management, and escalation of compliance and operational risks through the execution of some or all of the below-identified activities. This role exercises judgment, and influence and may constructively challenge leaders to support the Information Security Program objectives, balancing business strategy within Lowe’s risk tolerance.The Sr. Manager plans, drives, and reviews team deliverables to support consistent quality of activities, processes, and outputs. The ideal candidate will be a highly motivated self-starter who can deliver results with minimal direction and excel at effective communication at various levels in the organization. This role will be responsible for providing leadership direction to attract, assess, develop, motivate, and retain a team.What You Will Do;• Serves as an escalation point for complex or unresolved technology security issues; manages escalated issues effectively or further escalates issues to senior management when appropriate; raises business risks associated with technical issues to senior management.• Manages reports and documents drafted by team members regarding potential risks in different environments based on research findings and industry trends.• Oversees the improvement of cyber engagement across the organization by providing cyber security inputs to appropriately secure technologies and strategic initiatives.• Deals effectively with ambiguous and unstructured problems and situations.• Provide assessments, monitoring, and reporting of information security risks and compliance with security standards.• Work with business partners and colleagues to institute risk-mitigating controls where necessary.• Provide subject matter expertise to assist in establishing an annual learning plan and may be accountable for developing and delivering training content.• Provides guidance on information security-owned policies, standards, and procedures to ensure regulatory and operational risk requirements are appropriately addressed.• Contributes to or leads the development of risk coverage plans, executes and/or oversees the execution of independent risk monitoring, testing, and risk assessments, and communicates results.• Ensures metrics are designed to measure key risks and control performance, monitors and reports on metric performance and breach remediation.• Leads collaboration with technical teams to identify, resolve, and mitigate information security risk findings.• Provide direction to the team(s) (often dispersed globally between the US and India), ensuring team members deliver work that meets customer requirements as well as internal team objectives.• Communicates the vision for the overall function to team members, ensuring everyone understands the team.• Works cross-functionally to manage and organize work processes and ensure the most efficient and effective workflow of enterprise-level security programs.• Leads the implementation of various information security projects to ensure strong governance and/or operations across Information Security at Lowe’s.• Leads efforts to document team processes, procedures, and guidelines as needed to support operations and audit requirements.• Protects the integrity, confidentiality, and availability of information in the custody of or processed by the company.• Reports against Objectives and Key Results (OKRs) that demonstrate the level of compliance with Information Security Management; provides feedback to help evolve the OKR strategy.• Reviews the development of processes to best monitor different environments using security tools to identify possible threats and risks to the organization's network environment.• Experience building compelling dashboards and reports for executive reporting.• Advanced analytical skills that demonstrate their ability to learn how to navigate systems, access data, reconcile numbers from different sources, identify discrepancies, and understand drivers of change within data.Required Qualifications:• Bachelors Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)• 8 Years of IT experience with a broad range of exposure to all aspects of business/system planning, analysis, and application development• 3 Years Experience leading project or technical teams with or without formal direct report responsibility; this includes experience providing technical direction, thought leadership, coaching, and mentoring to team members.• 4 years of experience with information security tools, concepts, and practices• Familiarity with multi-platform technology environments and their operational/security considerations.• Experience managing projects and project resources to meet goals on simultaneous/multiple projects.Preferred Qualifications:• IT experience in the retail industry• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen).• Experience in a PCI/Retail technology environment.• Experience leading global teams.• Broad knowledge of infrastructure (network and servers), network architecture, services, and security policies• Experience in one or more of the following fields: technical, security or privacy education/training, information security, external/internal audit, risk management.• Experience conducting or leading PCI-DSS assessments.• Knowledge of retail regulatory scope (PCI, SOX, etc.)Where You’ll Be;• Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support.• Lowe’s supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub• Most business meetings are planned around the Eastern time zone.About USLowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2023 sales of more than $86 billion, Lowe’s operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit www.Lowes.comLowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.Pay Range: $122,600.00 - $232,900.00 annually Starting rate of pay may vary based on factors including, but not limited to, position offered, location, education, training, and/or experience. For information regarding our benefit programs and eligibility, please visit https://talent.lowes.com/us/en/benefits.