Burlington Information Security, Governance, Risk & Compliance Analyst III in Edgewater Park, New Jersey


If you want an exciting job with one of the largest off-price retailers in the nation, join the Burlington Stores, Inc. team as an Information Security Analyst! Do you have a passion for Data Security & Governance? Would you thrive in an environment that encourages creativity and thinking outside the box? Are you a team player who would work well in a fast-paced technology department where you have to think on your feet and solve problems as they emerge? If so, this may be the right opportunity for you!

Position Summary:

This position has the responsibility to execute the information security and technology risk strategy; develop and enforce security governance, based on leading standards and policies; monitor and enforce information security compliance and regulatory considerations; manage and conduct risk assessments and information security audits; establish information and security risk metrics for reporting; conduct research on information security best practices, solutions, strategies, etc.; provide consulting to departments; conduct third party risk assessments; enhance risk and vulnerability assessment initiatives; and ensure oversight, enforcement, guidance, and leadership of the Information Security strategy and policies throughout the company.

The candidate will be an innovative, self-motivated team player and leader who will be able to educate, provide guidance, and drive a cultural and programmatic risk appreciation for information security and compliance throughout the company. This individual is a business enabler who demonstrates an ability to work with various departments (Legal, Finance, Internal Audit, IT, Business Units, etc.) and teams.

Major Duties and Responsibilities


• Development of diverse and impactful risk metrics

• Reviewing third-party attestation and audit reports, and providing feedback to business leaders and risk owners.

• Monitor and manage compliance of implemented enterprise information security controls

• Conduct risk analysis, assessments, and security audits using internal tools and third-party vendor partners

• Serves as a company representative with prospects, customers, and partners by assisting with completing security questionnaires, assessments and audits

• Preparing Daily Change Management Agenda

• Provide Information Security consulting and security awareness education

• Responsible for improving, monitoring (ongoing and assessments), and coordinating Third Party Vendor Risk Management activities; conduct vulnerability scanning of third-party vendor environments, and identify current vulnerabilities for vendor utilized environments/programs/applications


• Conduct research on information security best practices, solutions, strategies

• Develop, maintain, and enforce strong information security policies, procedures, and position papers

• Develop, maintain, and enforce strong security governance of all Information Security strategy and operational process and security vendor selection

• Planning and reviewing the annual review of compliance requirements influencing operations and initiatives in information security, privacy, and IT risk management.

• Planning and reviewing annually the risks influencing the effectiveness of information security, privacy, and information security risk management.

• Studying risk assessments conducted by the business owners and support functions to incorporate relevant tests in assessment plans.

• Performing examination of security controls to determine design and operational effectiveness.

• Supporting IT management testing of controls independent of the audit schedule to save time during audits.

• Assisting third-party audits in consultation with IT, IA, business process owners and vendor management.

• Identify, implement, monitor, and enforce information security compliance, regulatory, and control frameworks

• Develop, maintain, and enforce Identity & Access Management strategy & compliance initiatives

Bachelor's Degree preferred in Business, Information Security, or Information Technology. CISA, CRISC, GIAC, CISM, or CISSP Certifications preferred. 5-7 years business/technical/information security/risk compliance experience desired. Experience in information security risk analysis, auditing, compliance, policies, and overall governance and communication experience needed. Demonstrated success implementing Information Security control frameworks and standards such as ISO 27000, COBIT, ITIL, NIST, PII, and PCI desired.
Posting Number 2018-85612
Location US-NJ-Edgewater Park
Address 4287 Route 130 S
Zip Code 08010
Position Type Regular Full-Time
Career Site Category Corporate
Position Category Information Technology
Evergreen Yes