IT Security Risk Management- Staff Systems Engineer - Full-time / Part-time

POSITION PURPOSE

The Home Depot in Marietta, GA is seeking a Staff Engineer- IT Security Risk Management.  The Staff Systems Engineer’s core responsibilities are to conduct application information security assessments. Additional responsibilities may include leading process improvement activities, participating in information security assessment special projects and other assessment related activities.

The position will be expected to:
* Understand complex business and information technology management processes.
* Identify and evaluate technology risks internally and/or at third parties, internal controls which mitigate risks, and related opportunities for internal control improvements.
* Develop an understanding of IT control environment and perform basic risk management approaches to evaluate IT controls.
* Actively participate in decision making with internal Home Depot management and/or third parties for mitigating identified deficiencies and seek to understand the broader impact of the decisions made.
* Establish and nurture positive working relationships with third parties and service managers with the intention to exceed their expectations.
* Assess IT general controls and/or application layer security controls to ascertain whether they comply with Home Depot policies.
* Generate innovative ideas and challenge the status quo.
Responsibilities consist of:
* Developing, implementing, enforcement and validating of information security policies, standards, methods and procedures and monitors compliance across the enterprise.
* Build and implementing security awareness programs within the business unit.
* Performs procedures and assessments necessary to ensure the safety of information system assets and to protect systems from intentional or inadvertent access or destruction.
* Investigate, document, and resolve information security incidents.
* Ensures users understand and adhere to necessary procedures to maintain security.
* Advises management of critical issues that may affect customers, suppliers or company.
* Responsible for managing the relationship with assigned business units with regard to the Information Security Program.
* Oversees the risk assessment and information security awareness processes. I
* Interface with end users as well as all levels of management, Senior Executives; and technical and business sources.
* Responsible for a deep understanding of business processes and technology used within the assigned areas to ensure that the business is in compliance with regulatory requirements and the Home Depot Information Security Policy and applicable procedures, processes and standards.
* Acts as primary Technology Risk and Compliance (TRaC) representative on higher risk projects to ensure that information security risks are managed and the TRaC risk assessment process is followed.
* Reviews work performed by less experienced TRaC Governance resources for high risk assessment activities.
* Serves as Program Owner and provides maintenance of program documentation procedures and processes to ensure compliance with changes in business or regulatory drivers.

The Staff Systems Engineer develops, maintains, and supports The Home Depot's technical infrastructure that includes network, hardware, database, and system software components.  The Staff Systems Engineer is responsible for collaborating with and enabling product teams with infrastructure. Staff Systems Engineers are expected to leverage tooling and custom applications to monitor and optimize performance. Staff Systems Engineers lead the stand up of physical and virtual infrastructure to meet evolving enterprise and product team needs. In addition, Staff Systems Engineers may lead the selection and rollout of field and corporate technology.
As a Staff Systems Engineer, you will be a core player that participates and leads multiple efforts simultaneously. You are expected to build and grow the skillsets of more junior Engineers on the team.

MAJOR TASKS, RESPONSIBILITES AND KEY ACCOUNTABILITIES
20% - Strategy & Planning:
Researches and analyzes business trends and behavioral data to identify opportunities for improvements and new initiatives
Leads the evaluation, development, and recommendation of specific technology products and platforms to provide cost-effective solutions that meet business and technology requirements
Researches and designs best fit infrastructure, network, database, and security architectures for products
Proactively creates and maintains tools for monitoring and support
Participates in project planning and management across multiple efforts
Develops formal training courses
30% - Delivery & Execution:
Leads configuration, debugging, and support for infrastructure
Leads field and corporate roll-outs of technology
Leads the stand up of necessary system software, hardware, and equipment (physical or virtual) to meet changing infrastructure needs
Creates and optimizes specifications for technology solutions
Produces and manages purchase requests for hardware and software
40% - Support & Enablement:
Collaborates with product and project teams to understand needs and enable them with infrastructure
Supports technology architecture design review efforts for project and product teams
Leverages tooling and custom applications to monitor the operational status of applications, infrastructure, networks, databases, and security; optimizes and tunes performance as appropriate
Drives root cause analysis, debugging, support, and post-mortem analysis for security incidents and service interruptions
Maintains, upgrades, and supports existing systems and infrastructure to ensure operational stability
Acts as a vendor liaison, owning resourcing, issue management, and documentation
Leads the production of in-house documentation around solutions
Monitors tools and proactively helps teams struggling with systems issues
Provides application support for software running in production
Creates scripts and tools that drive automation and enable product teams and end users to move towards self service
Acts as a mentor to more junior Systems Engineers
10% - Learning:
Keeps abreast of innovations and industry trends as well as changes to internal systems and determines how they impacts tools, training, and support necessary to keep systems up, running, and secure
Participates in and contributes to learning activities around modern systems engineering core practices (communities of practice)
Proactively views articles, tutorials, and videos to learn about new technologies and best practices being used within other technology organizations

NATURE AND SCOPE
Typically reports to the Systems Engineer Manager or Sr. Manager.

ENVIRONMENTAL JOB REQUIREMENTS
Environment:
Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
Travel:
Typically requires overnight travel less than 10% of the time.
Additional Environmental Job Requirements: MINIMUM QUALIFICATIONS
Must be eighteen years of age or older.
Must be legally permitted to work in the United States.

Additional Minimum Qualifications:
Must be legally permitted to work in the United States

Education Required:
The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to the job.

Years of Relevant Work Experience: 3 years

Physical Requirements:
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.

Additional Qualifications:
Preferred Qualifications:

Bachelor degree or an equivalent combination of education and work experience. 6 years information security experience or a combination of information technology work experience and information security experience. Demonstrate solid knowledge of information security risks and countermeasures, PCI and other information security and control frameworks. Demonstrate effective verbal and written communication skills for the purpose of explaining technical information to clients, vendors, senior management and staff and ability to apply knowledge and deductive reasoning. Strong analytical, problem solving, organizational, documentation; time management skills. Strong attention to detail. Strong relationship and facilitation skills. Proficient with Microsoft Word, Excel, PowerPoint, and Access. Information Security certification such as CISSP.

Ideal Candidate will -
- Demonstrate professional skepticism to ensure evidence is sufficient when assessing the relevant controls
- Communicate and present concisely and effectively based on the appropriate level of management
- Manage competing deadlines and prioritize responsibilities to effectively meet business needs
- Develop and teach less experienced staff
- Work both independently and as part of a team at all levels and across departments
- Demonstrate an understanding of business processes, internal control risk management, IT controls, and how they interact together
- Demonstrate leadership and problem solving skills
- Possess advanced interview skills to tailor the types of questions based on responses provided by internal personnel or supplier contacts

Knowledge, Skills, Abilities and Competencies:

Cultivates Innovation: Creating new and better ways for the organization to be successful
Action Oriented: Taking on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm
Business Insight: Applying knowledge of business and the marketplace to advance the organization s goals
Collaborates: Building partnerships and working collaboratively with others to meet shared objectives
Communicates Effectively: Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences
Drives Results: Consistently achieving results, even under tough circumstances
Global Perspective: Taking a broad view when approaching issues; using a global lens
Interpersonal Savvy: Relating openly and comfortably with diverse groups of people
Manages Ambiguity: Operating effectively, even when things are not certain or the way forward is not clear
Optimizes Work Processes: Knowing the most effective and efficient processes to get things done, with a focus on continuous improvement
Self-Development: Actively seeing new ways to grow and be challenged, using both formal and informal development channels
Situational Adaptability: Adapting approach and demeanor in real time to match the shifting demands of different situations