Information Security Engineer
We are Aaron’s - an industry leader in the sales and lease-to-own retail industry known for quality brand names and superior customer service. We provide our team members the opportunity to reach their full potential in a team-oriented, high-energy, recognition-based environment with competitive pay and benefits. This is much more than a job – it is a career with purpose.
About Aaron's Tech:
In recent years, we’ve been on a journey to transform our business model with technology. We're not the slow, old-fashioned retailer you think we are. We used to be, but those days are long gone. In fact, we don't even think of Aaron's as a retail company. Instead, we think of Aaron's as a technology company that happens to sell and lease furniture, electronics and appliances. This way of thinking has demanded a massive shift in who we hire, how we organize and lead our teams, and how we deliver our technology and services. It's simple: we hire smart people who are motivated by delivering big, impactful results, we point them at big problems to solve, and we get out of their way. We believe our technology team is unique and special, and after learning about us, we believe you will think so too. Find out more at http://tech.aarons.com/.
The Information Security Engineer - Governance, Risk, and Compliance is responsible for investigating, validating, and assessing risk for external vendor relationships and internal vulnerabilities. Additionally, the candidate will assist and eventually run efforts around Payment Card Industry (PCI) certification and privacy.
The candidate will help define and shape policy that builds a security-conscious culture while enabling innovation and flexibility. The candidate will aid in generating new ideas and initiatives while supporting the daily operations of the GRC squad. They will also contribute to the process and technology improvements including automation in the GRC business functions.
Duties and Responsibilities:
- Accountable for assessment of vendors for business, financial, legal, and information security risk
- In conjunction with GRC Lead, accountable for making improvements to, streamlining, and automating the Vendor Risk Management Program.
- Collaborate with other teams across all business functions to help guide risked based policy and standards creation.
- Assist in responding to Privacy requests and defining Privacy Program best practices.
- Assist in achieving annual PCI certification and growth into PCI management.
- Actively engage with Aaron’s team members to educate, inform, and spread a culture of security awareness to the company.
- Apply creativity, enthusiasm, and question the status-quo; to solve information security problems and innovate new solutions.
- Exhibit excellent verbal and written communication skills including the ability to explain complex processes and risks in a concise manner to audiences ranging in technical experience.
- Demonstrate the ability to prioritize tasks and meet deadlines with minimal supervision.
Education and Experience:
- 3+ years prior experience in Information Security, Information Technology, IT Project management or related field.
- Proven record of being self-motivated and showing initiative.
Required Skills and Competencies:
- Experience with risk assessment/analysis fundamentals and an ability to demonstrate skills in analyzing complex technical solutions for risk.
- Demonstrable knowledge of security controls, architectures, and environments.
- A track record of being able to build and improve processes as well as experience with managing a complex program across multiple business units.
- Demonstrated ability to analyze and assess risk, compensating controls, and communicate complex topics in business terms to leadership.
- Experience with Vendor Management or other Commercial Off the Shelf GRC and Security tools (Lockpath, RSA Archer, Bitsight, Security Scorecard, Lexis Nexis, etc.) is a plus.
- Knowledge of and interest in US Privacy legislation landscape.
- Experience managing a PCI certification process as a project manager or as part of an Information Security organization.
- Process focused, with the ability to adapt the framework to match the situation; flexible, not rigid in approach.
- Ability to troubleshoot and resolve problems in a technical environment.
- Proficient in Microsoft Office Applications such as Excel, Word, PowerPoint, Outlook, and Visio.
Team members enjoy access to career training and advancement opportunities, and are rewarded with competitive compensation and a comprehensive benefits package, which includes:
- Paid time off including vacation days, sick days and holidays
- Medical, dental & vision insurance
- Maternity and Paternity Leave
- 401(k) plan with company match
- Flexible spending accounts
- Life insurance
- Disability benefits
- Stock Purchase Plan
- Team Member purchase discounts
At Aaron’s we offer sales and lease-to-ownership of specialty items including furniture, consumer electronics, home appliances, and accessories throughout the United States and Canada. Our customers shop at Aaron’s for the same reason you should choose us for the next step in your career – our ability to positively influence people’s lives. If you are looking for a company with the passion and dedication to make a difference in the lives of customers and team members alike, join us today.
Aaron’s is committed to creating a diverse and inclusive work environment, celebrates our team members’ differences, and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, pregnancy, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, military duty, gender expression, genetic information, or any other protected class. Candidates who require accommodation during the recruitment process should contact firstname.lastname@example.org.
Aaron’s is an Equal Opportunity Employer