Information Security Analyst (GRC)

  • Posted
  • Ann Arbor, Michigan, United States

About Us

Domino’s Pizza, which began in 1960 as a single store location in Ypsilanti, MI, has had a lot to celebrate lately: we’re a reshaped, reenergized brand of honesty, transparency and accountability – not to mention, great food! In the rise to becoming a true technology leader, the brand is now consistently one of the top five companies in online transactions and 65% of our sales in the U.S. are taken through digital channels. The brand continues to ‘deliver the dream’ to local business owners, 90% of which started as delivery drivers and pizza makers in our stores. That’s just the tip of the iceberg…or as we might say, one “slice” of the pie! If this sounds like a brand you’d like to be a part of, consider joining our team!

Job Details

As Domino’s continues to mature the information security program, we recognize the value of an Information Security Analyst as one of the key enablers of such a program.

The position is a critical member of the Information Security team. The role will report directly to the Information Security Governance, Risk & Compliance Manager, and will work closely with various Information Security personnel in the organization. The role is also expected to establish a strong working relationship with various Domino’s team members.

The position will play an integral role in Domino’s Governance, Risk and Compliance (GRC) program, and will work closely with other Team Members in the GRC team. The position is expected to collaborate in a positive manner with other functions within the Domino’s Technology department and other Domino’s business units.

The position will collaborate with the Information Security Leadership team, all functions within the Information Security organization, the broader Information Services department, and various business units.

The candidate is expected to have proven knowledge and experience in information security, information technology, compliance (focusing on PCI and SOX), privacy (CCPA and GDPR), and the business field.

Responsibilities and Duties

  • Execute security compliance processes and/or assessments for external services. Manage and approve internal and external Accreditation Packages (e.g., PCI-DSS, Sarbanes-Oxley (SOX), SSAE18, SOC2, ISO). Ensure that cybersecurity requirements are included in contract language and delivered.
  • Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risks.
  • Monitor and measure risk, compliance, and assurance. Assess the effectiveness of security controls. Analyze risk for new or modified applications or systems. Confirm that the level of risk is within acceptable limits for each software application, system, and network.
  • Develop test plans and perform security reviews. Identify gaps in security architecture and develop a security risk management plan. Make recommendations based on test results.
  • Ensure that remediation plans are in place for deficiencies identified during assessments.
  • Test, evaluate, and verify hardware and/or software to determine compliance with defined requirements.
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend actions to correct deviations.
  • Verify and update security documentation reflecting the application/system security design features.
  • Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
  • Collect metrics and trending data and develop strategic insights. Present technical information to technical and nontechnical audiences. Provide actionable recommendations to stakeholders.
  • Serve as an internal consultant and advisor in own area of expertise (e.g., technical, privacy, compliance).

 

Qualifications

Required Core Competencies

The team member is expected to possess the relevant leadership competencies, including the following:

  • Follows through on commitments, acts with integrity and takes personal responsibility for decisions, actions, and failures, establishes clear responsibilities and processes for monitoring work and measuring results.
  • Assumes positive intent of others, works cooperatively with others across the organization to achieve shared objectives, represents own interests well while being fair to others and their areas, partners with others to get work done, credits others for their contributions and accomplishments, gains trust and support of others.
  • Shows personal commitment and acts to continuously improve, accepts assignments that broaden capabilities, demonstrates curiosity and openness to differences, new ideas and thinking, demonstrates vulnerability, including a willingness to ask for help or acknowledge mistakes.
  • Gains insight into customer needs, identifies opportunities that benefit the customer, builds and delivers solutions that meet customer expectations, establishes and maintains effective customer relationships.
  • Promotes information sharing, collaboration, and transparency.
  • Aligns and supports leadership strategic directives and contributes to team’s objectives.

Required Technical Skills

  • Ability to communicate complex information in a clear, concise, and organized manner. Demonstrates skill in managing client relationships and expectations and demonstrating commitment to delivering quality results.
  • Ability to conduct assessments, including analyzing test data and rendering conclusions. Skill in using data mapping, analysis, and visualization tools. Skill in conducting assessments of technical systems. Skill in assessing security controls based on cybersecurity principles. Understands impact/risk assessments and root cause analysis.
  • Ability to apply critical thinking to evaluate information for reliability, validity, and relevance. Ability to function in a collaborative environment, seeking consultation with analysts and experts to leverage technical expertise.
  • Ability to understand cybersecurity impact to organization and how to apply cybersecurity principles to organizational requirements (relevant to confidentiality, integrity, availability).
  • Knowledge of IT security principles and methods (e.g., firewalls, DMZ, encryption). Knowledge of security methodologies for network, databases, and operating systems. Knowledge of systems administration concepts and hardening techniques. Knowledge of network hardware devices, functions, and architecture concepts.
  • Knowledge of Payment Card Industry (PCI) data security standards.
  • Knowledge of the application firewall concepts and functions (e.g., single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
  • Knowledge of Sarbanes-Oxley (SOX) requirements, including IT General Controls, Application Controls, and SOD testing.
  • Knowledge of risk management processes, cybersecurity and privacy principles, and cyber threats and vulnerabilities.
  • Knowledge of information classification concepts. Knowledge of principles for managing risks related to handling of data and information.
  • Knowledge of applicable business processes and operations.
  • Knowledge of new and emerging IT, cybersecurity technologies, security issues, risks, and vulnerabilities.

Core Qualifications

  • A bachelor's degree in computer science, information systems, business, or other related field; or equivalent work experience.
  • 2 to 3 years of general information technology work experience (more than 1 year of information security work experience in PCI and/or SOX is preferred for Infosec Analyst role)
  • CISSP, CISA, CISM, CRISC, CGEIT or other relevant certifications are desired but not required.

Additional Information

All your information will be kept confiden

Join the team that makes all of our new ideas possible across our 17,000+ stores. So much of our lives involves the use of technology, but we don't all speak the language of tech. We need translators in the form of writers who can break down highly complicated information from technical experts and make it relatable to even the least technical among us. That's where technical writers come in.