Senior Analyst, Risk & Compliance
Who We Are:
HBC is a diversified retailer focused on driving the performance of high-quality stores and their omni-channel platforms and unlocking the value of real estate holdings. Founded in 1670, HBC is the oldest company in North America. HBC’s portfolio today includes formats ranging from luxury to premium department stores to off price fashion shopping destinations, with 350 stores and more than 45,000 employees around the world. HBC’s leading businesses across North America include Saks Fifth Avenue, Hudson’s Bay, and Saks OFF 5TH.
HBC also has significant investments in joint ventures. It has partnered with Simon Property Group Inc. in the HBS Global Properties Joint Venture, which owns properties in the United States. In Canada, it has partnered with RioCan Real Estate Investment Trust in the RioCan-HBC Joint Venture. HBC has partnered with SIGNA Retail Holdings for real estate and retail joint ventures in Europe.
A truly global corporate citizen, HBC is committed to responsible business practices to bring about positive change, and we work hard to shape a sustainable future for people and the planet. Our philanthropic initiatives help create healthy families, strong communities, and sport excellence in the cities and countries in which we operate around the world, while striving to create innovative programs and resources that provide flexibility for work-life balance in order to maintain a positive working environment
What This Position Is All About:
The Information Security Specialist plays a vital role in protecting the Hudson Bay Company’s (HBC) information assets by proactively identifying risks and implementing appropriate controls in accordance with HBC’s information security program. The information security specialist works collaboratively with other members of HBC’s IT Security, Information Technology and Legal teams to ensure the protection of the Company’s information assets.
Who You Are
- You painlessly overcome obstacles while respecting others’ points of view and positions
- You believe that teamwork is critical for long lasting success
- You strive to be a thought-leader in your area of expertise. This means, you are always self-learning, connected and informed on what is going on in your industry, and are genuinely interested in implementing and improving best practices.
- You have demonstrated relationship-building, leadership and project management skills
- You have strong relationship building skills, and are able to communicate effectively with senior management across numerous departments
- You have a proven ability to multi-task in a fast paced environment
- You have a demonstrated ability to quickly shift priorities without being totally thrown off
- You are flexible, and can adapt to change well
- You should be a highly driven and results oriented individual, comfortable in a dynamic, fast-paced, and changing environment
As the Information Security Specialist, You Will:
Ability to support the Information Security goals: Confidentiality, Integrity, Availability of data
• Develop and implement information security policies and standards in accordance with HBC’s goals and objectives and help drive compliance with regulatory and statutory requirements for data security and privacy including PCI-DSS, HIPAA, etc.,
• Consult with Information Technology staff and provide guidance in the definition of the appropriate security architecture and technical requirements necessary to address information security needs.
• Collaborate with IT Security, Information Technology, Legal, Human Resources and other business units to manage security risks, threats and vulnerabilities
• Coordinate, lead or participate in penetration tests, vulnerability scans and other risk assessments as necessary to protect HBC’s information assets
• Perform information security risk assessments on new products and systems; periodic information security risk assessments of existing systems; and information security risk assessments of third-party vendors
• Monitor compliance with information security policies and directives
• Manage and drive remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits and other assessments
• Investigate potential security expertise/ incidents using forensically sound methods and techniques
• Participate in the continued development and implementation of HBC’s information security awareness program
• Assist with the development and implementation of information security metrics, measurement criteria and reporting to ensure compliance and continuous improvement
• Provide information security technology consultation for various business units as requested.
You Also Have:
• Bachelor Degree in computer science, engineering, information security, mathematics or an equivalent combination of education, training, and experience.
• A minimum of 3 years of work experience in Information Security, IT, IT Audit, or Compliance
• Relevant information security certifications preferred (i.e. CISSP, CISM, CFCE, GCFE, etc.)
• Strong knowledge of information systems security standards and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling)
• Strong experience in Windows and *nix environments
• Excellent understanding of TCP/IP and network communications
• Proven knowledge of network and server infrastructure technologies and devices including firewalls, routers, switches, etc.
• Demonstrable knowledge and experience with SIEM, IPS/IDS, VPN, Vulnerability Scanner, Active Directory, Malware Analysis, Penetration Testing, UNIX/Linux, Incident Response, Firewalls and APT Methodologies;
• Functional knowledge and experience with text and data representation and manipulation (XML, HTML, Regular Expressions, Scripting, SQL)
• Proficiency with common program language used in information security (i.e. Python, PERL, VB, Java)
• Experience working as a member of an information security incident response team, conducting computer forensics analyses and performing investigative duties related to security policy violations
• Demonstrated knowledge of regulatory compliance requirements including PCI-DSS, HIPAA, etc.
• Strong problem solving and analytical skills
• Strong written and verbal communication skills
• Proficiency in Microsoft software: Outlook, Word, Excel, PowerPoint, Project and Visio
• Ability to quickly understand security systems in order to identify and validate security requirements
• Ability to manage multiple projects, priorities and deadlines
• Demonstrated initiative, customer orientation and team work competencies
• Adaptability, flexibility and ability to work as part of a team or in an individual capacity
• Must demonstrate effective, decision making, results delivery, and the ability to stay current with relevant technologies and security practices.
• Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays
• Ability to handle and maintain the integrity and confidentiality of highly sensitive material and information
• Ability to work in an office/remote environment and concentrate on complex tasks for extended periods of time
• Ability to lift and handle computer equipment and associated hardware
How Often you May Travel:
- 10% within North America
Your Life and Career at HBC:
- Be part of a world-class team; work with an adventurous spirit; think and act like an owner- operator!
- Exposure to rewarding career advancement opportunities, from retail to supply chain, to digital or corporate.
- A culture that promotes a healthy, fulfilling work/life balance
- Benefits package for all eligible full-time employees (including medical, vision and dental).
- An amazing employee discounts
Thank you for your interest with HBC. We look forward to reviewing your application.
HBC provides equal employment opportunities (EEO) to all employees and applicants for employment.