Information Security Analyst II (GRC)
Company: Domino's
Location: Ann Arbor, MI 48103
Description:
Company Description
Domino's Pizza, which began in 1960 as a single store location in Ypsilanti, MI, has had a lot to celebrate lately: we're a reshaped, reenergized brand of honesty, transparency and accountability - not to mention, great food! In the rise to becoming a true technology leader, the brand is now consistently one of the top five companies in online transactions and 65% of our sales in the U.S. are taken through digital channels. The brand continues to 'deliver the dream' to local business owners, 90% of whom started as delivery drivers and pizza makers in our stores. That's just the tip of the iceberg...or as we might say, one "slice" of the pie! If this sounds like a brand you'd like to be a part of, consider joining our team!
Job Description
As Domino's continues to mature the information security program, we recognize the value of an Information Security Analyst as one of the key enablers of such a program.
The position is a critical member of the Information Security team. The role will report directly to the Information Security Governance, Risk & Compliance Manager, and will work closely with other Team Members in the GRC team and broader Infosec team. The role is also expected to establish a strong working relationship with various Domino's team members.
The position will play an integral role in Domino's Governance, Risk and Compliance (GRC) program, and the role is expected to collaborate in a positive manner with other functions within the Domino's Technology department and other Domino's business units.
The candidate is expected to have proven knowledge and experience in information security, IT compliance (focusing on PCI and SOX), IT risks and controls, privacy (CCPA and GDPR), and business operations.
Responsibilities and Duties
- Execute and/or assist with security compliance processes and/or assessments (e.g., PCI-DSS, Sarbanes-Oxley (SOX), CIS, NIST).
- Collaborate with key stakeholders outside of GRC to ensure that regular compliance activities (i.e., vulnerability scans, user access reviews, narrative updates) are kept on track to comply with PCI DSS and SOX requirements.
- Participate in Governance processes to identify security risks and mitigations while providing input on other technical risks.
- Monitor and measure risk, compliance, and assurance to assess the effectiveness of security controls. Analyze risk for new or modified applications or systems and confirm that the level of risk is within acceptable limits for each application.
- Work closely with internal and external auditors on SOX, PCI, and governance activities.
- Provide support to teams during security events, execute analysis, and provide accurate and timely feedback.
- Present technical information to technical and nontechnical audiences.
- Serve as an internal consultant and advisor in own area of expertise (e.g., GRC, PCI, SOX).
- Develop or assist in the development of policies and protocols for governance, compliance, and IAM requirements.
- Ensure that remediation plans are in place for deficiencies identified during assessments. Appropriately track remediation timelines and communicate with deficiency owners to ensure timely remediation.
- Collect metrics and trending data to help develop strategic insights. Provide actionable recommendations to stakeholders.
- Create concise and readable reports to summarize potential cybersecurity deficiencies as well as remediation efforts that can be shared with technology leadership. Establish automated processes where possible to maintain real-time dashboards to highlight key metrics.
- Approach responsibilities with a positive attitude to keep team morale and engagement levels high.
Qualifications
- A bachelor's or master's degree in Computer Science, Information Technology, Business Administration, or other related field.
- 3 to 5 years of general information technology work experience (more than 1 year of information security work experience in PCI and/or SOX is preferred for Infosec Analyst II role).
- Candidate should have exceptional troubleshooting and problem-solving skills.
- Candidate should be able to work in both group settings and independently.
- CISSP, CISA, CISM, CRISC, or other relevant certifications are desired, but not required.
Required Technical Skills
- Ability to communicate complex information in a clear, concise and organized manner with both technical and nontechnical audiences. Demonstrates skill in managing client relationships and expectations while showing a commitment to delivering quality results.
- Ability to apply critical thinking to evaluate information for reliability, validity, and relevance.
- Ability to function in a collaborative environment, seeking consultation with analysts and experts to leverage technical expertise. Demonstrates ability to ask questions to key stakeholders outside of the GRC team.
- Ability to understand the cybersecurity impact on the organization and how to apply cybersecurity principles to organizational requirements (relevant to confidentiality, integrity, availability).
- Knowledge of Payment Card Industry (PCI) Data Security Standards.
- Knowledge of application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
- Knowledge of Sarbanes-Oxley (SOX) requirements, including IT General Controls, Application Controls, and SOD testing.
- General knowledge of industry standard cybersecurity governance frameworks, such as the CIS Critical Security Controls and NIST.
- Knowledge of risk management processes, cybersecurity and privacy principles, and cyber threats and vulnerabilities.
- Knowledge of information classification concepts. Knowledge of principles for managing risks related to handling of data and information.
- Knowledge of applicable business processes and operations.
- Knowledge of new and emerging IT, cybersecurity technologies, security issues, risks, and vulnerabilities.
Additional Information
Location: Ann Arbor MI (Onsite Mon-Thurs, with Friday being flexible)
All your information will be kept confidential according to EEO guidelines.