Information Security Assistant Analyst
Abercrombie & Fitch - Columbus, OH
Position Title: Assistant Analyst, Information Security
Reports to: Information Security Manager
Location: Home Office – New Albany, OH
Description:
The successful candidate will contribute to the IT compliance and risk division of the Information Security team for Abercrombie & Fitch, an international specialty retail organization. The information security group assesses, manages, and improves the organization’s information technology risk and security posture. This position will work with multiple groups on a daily basis requiring strong verbal and written communication skills, as well as the ability to think critically.
Responsibilities:
- Primary lead on the annual Payment Card Industry assessment with the following tasks: determine the PCI testing scope, provide required evidence, provide status updates to business leaders and QSAs, update security policies and procedures, identify gaps in controls and mitigate those gaps throughout the year
- Identify and document risks presented to the IT organization
- Remediate any Sarbanes-Oxley deficiencies that are found during the annual audit. This includes working with a variety of groups within IT to develop a plan to remediate all deficiencies
- Develop and implement effective security awareness programs that include: Identifying key high risks groups in the organization, creating educational information and presentations targeted to each high risk group, performing monthly phishing campaigns using a third party tool, investigating and responding to all phishing emails from associates
- Assist in the assessment of Abercrombie’s information technology practices against critical security controls, NIST, and regulatory standards
- Partner with the information security operations team in any investigations
- Create on-boarding materials for information security new hires
Qualifications:
- BA required in information technology or related field (computer science, MIS, engineering, etc.)
- Ability to work independently
- Proactively take action on objectives, tasks, and assignments
- Prioritize competing demands for time and attention
- Strong oral and written communications
- Technical proficiency in the following technologies is favorable: active directory, ACL, PhishMe, Email Gateways
- Knowledge of the following is a plus: network configuration, Windows and Unix OS administration, SSAE-16 audit procedures, PCI-DSS 3.2
Posted: 30+ days ago
