Senior Analyst, Governance Risk and Compliance
2 days ago
Job Description

WHO WE ARE:
Saks Global is the largest multi-brand luxury retailer in the world, comprising Saks Fifth Avenue, Neiman Marcus, Bergdorf Goodman, Saks OFF 5TH, Last Call and Horchow. Its retail portfolio includes 70 full-line luxury locations, additional off-price locations and five distinct e-commerce experiences. With talented colleagues focused on delivering on our strategic vision, The Art of You, Saks Global is redefining luxury shopping by offering each customer a personalized experience that is unmistakably their own. By leveraging the most comprehensive luxury customer data platform in North America, cutting-edge technology, and strong partnerships with the world's most esteemed brands, Saks Global is shaping the future of luxury retail. Saks Global Properties & Investments includes Saks Fifth Avenue and Neiman Marcus flagship properties and represents nearly 13 million square feet of prime U.S. real estate holdings and investments in luxury markets.

You Will Be
A key member of the Information Security organization: a dynamic Senior GRC Analyst who enjoys working on security challenges in a collaborative fashion. You will be responsible for establishing an Information Security governance framework and implementing security compliance programs with a strong focus on Risk Management, Third Party Risk Assessments (TPRA), IT Sarbanes-Oxley and Payment Card Industry (PCI-DSS) compliance, and the protection of sensitive data, including the Personally Identifiable Information of employees and customers.

What You Will Do
- Following direction from the GRC leadership team, support the ITGC SOX program.
- Perform IT SOX reviews and test ITGC controls. Gather and submit control evidence to internal and external auditors.
- Review control evidence for accuracy, completeness, and precision of control execution for all ITGC.
- Review test findings, perform root-cause and impact analyses for control deficiencies, and develop remediation action plans that improve the control environment.
- Collaborate and build long-term relationships with key stakeholders in a fast-paced and matrixed work environment.
- Provide status reporting for IT SOX deliverables and meet prescribed deadlines.
- Provide training to stakeholders so that they can address concerns for our IT audit partners and Internal Audit.
- Be a critical member for assessing controls in ITGC SOX, PCI DSS and technology internal controls programs.
- Understand data privacy (e.g., PII, Personally Identifiable Information) and implement solutions to meet those regulations. Develop necessary capabilities, standards, and services, in partnership with Marketing, Product, and Technology departments, to protect sensitive information effectively.
- Engage with business units to identify risks and track the implementation of risk mitigation plans. Assess risk management tools, techniques, and procedures to enhance risk management capabilities throughout the enterprise.
- Support the development of metrics for the Information Security risk management reporting dashboard, including the status of the security governance, risk remediation, and audit compliance efforts.
- Assist in the implementation of governance and risk management solutions to automate processes and workflows.
- Represent the information security program during contract negotiations. Participate in and support Third-Party Risk Assessment activities of prospective and existing vendors.
- Provide input and direction into the development and maintenance of the Disaster Recovery and Business Continuity Plans.

You Also Have
- Minimum of 5 years' experience in an Information Security Governance Risk and Compliance role, preferably in the retail sector.
- Expertise in Information Security Governance Risk and Compliance is required.
- Expertise in IT SOX, ITGC, Technology Risk, Internal Controls.
- Experience with information security controls frameworks (NIST 800-53, ISO27001, PCI-DSS).
- Experience executing information security risk assessment methodologies and familiarization.
- Experienced in assessing security risks in modern cloud Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) technologies.
- Experienced with evaluating and validating controls around the full technology stack from application, operating system, database, and networking layers.
- Expertise in technical and business environment, familiarity with security standards, experience with business continuity, disaster recovery, auditing, risk management, vulnerability assessments, and cyber-security and incident management.
- Ability to work closely with people at all levels of the organization and facilitate the implementation of corrective action as needed.
- Ability and desire to lead projects, with good presentation skills.
- Ability to analyze, communicate, and articulate risk, governance, and compliance trends and program requirements.
- Excellent written and verbal communications, critical thinking skills, effective interpersonal skills, strong formal presentation abilities.
- Bachelor's or master's in Computer Science, Information/Cyber Security, and/or Information Systems.

What You Will Bring
- Subject Matter Expertise (SME) in Information Security Governance, Risk, and Compliance (GRC), with the ability to establish and maintain governance frameworks across the enterprise.
- Proven experience in IT SOX, ITGC, Technology Risk, Internal Controls, and a deep understanding of associated audit and compliance requirements.
- Strong knowledge of security control frameworks such as NIST 800-53, ISO 27001, PCI-DSS, and the ability to operationalize these frameworks in a business context.
- Hands-on experience in risk assessment methodologies, control testing, and mitigation planning across IT and business environments.
- Expertise in assessing security risks in modern cloud environments (SaaS, PaaS, IaaS) and validating controls across the full technology stack: applications, operating systems, databases, and networking layers.
- Strong stakeholder management skills, with the ability to influence, collaborate, and work closely with individuals at all levels of the organization.

Your Life And Career At Saks Global
- Opportunity to work in a dynamic, fast-paced environment at a company experiencing growth and transformation
- Exposure to rewarding career advancement opportunities across the largest multi-brand luxury retailer, from retail to distribution, to digital or corporate
- Comprehensive benefits package for all eligible full-time employees (including medical, vision and dental)

Thank you for your interest in Saks. We look forward to reviewing your application.

Saks provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Saks complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, and transfer, leaves of absence, compensation and training.

Saks welcomes all applicants for this position. Should you be individually selected to participate in an assessment or selection process, accommodations are available upon request in relation to the materials or processes to be used.

Saks.com is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
-
Governance, Risk, and Compliance Analyst
3 weeks ago
Kochi, Kerala, India, Ernakulam Art Technology and Software Full time
Job Title: GRC Analyst. Position Summary: As a GRC Analyst, you will play a pivotal role in supporting and enabling Governance, Risk, and Compliance (GRC) operations across our cybersecurity services. Your primary focus will be to enhance risk management processes, strengthen compliance frameworks, and support strategic initiatives that drive the...
-
Governance, Risk, and Compliance Lead
4 weeks ago
India, Cochin / Kochi / Ernakulam Art Technology and Software Full time
Job Description: The GRC Lead will be responsible for overseeing the governance, risk management, and compliance functions within the organization. Responsibilities - Strategic Governance & Leadership - Lead the design, execution, and maturation of the organization's comprehensive GRC strategy, encompassing policy governance, risk management frameworks,...
-
Governance, Risk, and Compliance Lead
4 weeks ago
Kochi, Kerala, India, Ernakulam Art Technology and Software Full time
The GRC Lead will be responsible for overseeing the governance, risk management, and compliance functions within the organization. Responsibilities - Strategic Governance & Leadership - Lead the design, execution, and maturation of the organization’s comprehensive GRC strategy, encompassing policy governance, risk management frameworks, compliance programs, and...
-
Senior Specialist
2 weeks ago
Gurugram, Gurugram, India Bravura Solutions Full time
Job Description: Position Purpose: Based in Gurgaon and reporting to the Head of Governance, Risk & Compliance (GRC), the Senior Specialist will be responsible for effective management of Risk and Internal Review which includes management of GRC of all locations globally inclusive of subsidiaries. This position will support a diverse GRC team that is...
-
Bengaluru, India Amagi Full time
Purpose of the role: This role has been established to support the business in building sustainable governance and compliance practices at Amagi. The basic factor required to be successful in this role warrants a good understanding of the company's vendor landscape and compliance requirements. The focus is on building repeatable internal compliance validation...