Are you ready to explore the corporate side of retail? The TJX Companies, Inc. is the leading off-price apparel and home fashions retailer in the U.S. and worldwide, operating four major divisions -- Marmaxx (T.J. Maxx and Marshalls) and HomeGoods in the United
State: s; TJX Canada (Winners, HomeSense and Marshalls); and TJX Europe (T.K. Maxx and HomeSense). In late 2012, we acquired Sierra Trading Post, an off-price, Internet retailer of apparel and home fashions, bringing it into our family of businesses. With over $26 billion in revenues in 2012, more than 3,000 stores, and approximately 179,000 Associates, success is always in style at TJX. We at TJX understand that both our customers and the talent pool from which our Associates come are increasingly diverse. Our core values of respect, integrity and fairness are inherent in the relationships we build with each other, our vendors and our customers. We are committed to leveraging the differences among our Associates and customers to create both a diversified mix of talent within TJX and a diversified mix of merchandise within our stores. We consider the unique views and opinions of our Associates to be key to our growth and success in the future.
Senior IT Security and Risk Analyst
The IT Security and Risk Analyst III will assist with the different activities in TJX's IT Security Risk Assurance program, including supporting a IT Security and Risk Dashboard system, formalizing TJX's IT Security risk framework, conducting TJX's annual IT Risk assessment, and other program support activities.
Responsibilities:
IT Risk Dashboard: Helps to create and maintain TJX's IT Security and Risk Dashboard system, including designing new reports and dashboards, working with constituent groups (IT Security Engineering, BIA/BCP, DR, Asset Management) to obtain and validate necessary information on assets, threats, vulnerabilities, business impacts, etc.
IT Risk Framework: Assists with establishing the underlying methodology to perform risk analyses of IT Security's impact on TJX's business, and with documenting the methodology.
IT Risk Assessments: Performs basic to complex IT security and risk assessments with minimal supervision. Collects data from a variety of areas, conducts accurate evaluations of IT security gaps, and draws business impact conclusions. For example, works with internal audit and compliance teams to understand, correlate, and consolidate findings related to TJX's IT security posture. Assists with various phases of TJX's annual information security risk assessment report, including analyzing TJX's IT assets, controls, threats, and vulnerabilities to determine business impacts and impact likelihoods.
Program Support: Acts as a subject matter expert to ensure the user community understands and follows necessary procedures to maintain security. Assists with other aspects of the IT Risk Assurance program, including maintaining the incident management plan, overseeing incident response training, writing and maintaining IT security policies, supporting the IT Security mailboxes. Familiar with IT regulations, PCI, Sarbanes-Oxley, Massachusetts and other privacy laws.
Requirements:
- Broad-based IT Security background with the ability to understand issues in access control, networking, application security, secure development, etc.
- Very strong analytical skills, including the ability to collect raw assessment data, determine which areas require further investigation, which areas are important, determine material IT Security and business impact findings, and present those findings clearly in reports and presentations.
- Working knowledge of risk frameworks, such as ISO 27005, NIST SP 800-30. Experience with OCTAVE, NIST SP800-39, or FAIR a plus.
- Advanced ability to use Excel to create graphs and pivot tables. Experience with Microsoft SQL Server Reporting, Microsoft Access Reporting, or GRC tools a plus.
- Excellent verbal and written communication skills.
- Minimum 5 years' experience in a large IT environment.
- Bachelor's degree in Information Systems/Information Security, or equivalent job experience.
- CISSP or equivalent required or to be obtained within six months.
What's In It For You?
At the TJX Companies, Inc., conveniently located directly off both the Mass Pike and Route 9, you'll not
only enjoy the security of working for a stable and profitable industry leader, but you'll also enjoy the benefits
that go along with it, such as: Medical/Dental/Life insurance, a Dependent Care Spending Account,
Associate Discounts and a Savings/Profit Sharing 401(k) Plan.
Click Here for a full list of the benefits of working for The TJX Companies, Inc.
TJX is an equal opportunity employer committed to workplace diversity.
Posting Notes: Framingham -- Massachusetts