Sr Mgr, Information Security
HD Supply · Atlanta, GA · 6 mo ago
Information TechnologyFull-time
Key Responsibilities
- Perform and lead information security risk assessments across applications, infrastructure, cloud environments, and business processes.
- Maintain risk registers, document findings, assign remediation actions, and track closure.
- Conduct threat modeling and control gap analyses in collaboration with engineering and security teams.
- Perform and review third-party/vendor security risk assessments and questionnaires.
- Directly manage compliance efforts for frameworks and regulations such as ISO 27001, SOC 2, PCI DSS, SOX, GDPR, or HIPAA (as applicable).
- Prepare audit evidence, coordinate walkthroughs, and respond to auditor and regulator requests.
- Execute control testing and validate control design and operating effectiveness.
- Track remediation plans and validate corrective actions.
- Draft, update, and maintain information security policies, standards, and procedures.
- Map technical and administrative controls to compliance requirements and business risks.
- Work hands-on with system owners to design and implement security controls.
- Administer and optimize GRC tools (e.g., Varonis, Lighbeam, Tenable, Auditboard etc).
- Build risk dashboards, compliance metrics, and executive-level reporting.
- Automate evidence collection and control monitoring where possible.
- Work closely with IT, Cloud, DevOps, Security Operations, Legal, Privacy, and Internal Audit teams.
- Provide actionable security guidance during system design, cloud migrations, and vendor onboarding.
- Act as a subject matter expert for security risk and compliance inquiries.
- Lead by example with direct execution while mentoring junior risk and compliance staff.
- Review work products, provide hands-on coaching, and ensure quality and consistency.
- Support hiring and onboarding of risk and compliance team members as needed.
Required Qualifications
- Bachelor’s degree in Information Security, Computer Science, or related field.
- 8–12+ years of experience in information security, risk, compliance, or IT audit roles.
- Strong hands-on experience with risk assessments, audits, and control testing.
- Practical working knowledge of NIST CSF, ISO 27001/27002, SOC 2, and cloud security controls.
- Ability to independently manage multiple assessments and audits end-to-end.
Key Skills & Competencies
- Deep technical understanding of security controls and risk mitigation.
- Strong documentation and evidence management skills.
- Ability to translate compliance requirements into technical actions.
- Comfortable working in fast-paced, hands-on environments.
- Strong problem-solving and attention to detail.