Senior Manager, Information Security

Job Description

Job Description About Lowe’s Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2024 sales of more than $83 billion, Lowe’s operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing, improving community spaces, helping to develop the next generation of skilled trade experts and providing disaster relief to communities in need. For more information, visit Lowes.com. Job Summary The primary purpose of this role is to manage a team focused on defining, implementing and/or maintaining processes and tools that support enterprise technology security. This includes accountability for optimizing performance of services that span security and technology domains, including Operations, Policy, Governance and Delivery. In addition, this role provides insight and recommendations to inform the ongoing strategy for health and care of assigned security processes and tools. This individual manages people which includes responsibility for setting individual and team expectations, delegating assignments and managing performance, identifying talent needs, and coaching and developing team members. With a focus specifically on Network Security Engineering , this role manages the technical aspects of developing, implementing and maintaining security infrastructure systems within various computing environments. This role manages team(s) through all system development lifecycle phases and provides insight and recommendations to inform the ongoing strategy for health and care of assigned domain(s) and/or platform(s). With a focus specifically on Security Threat & Vulnerability , this role manages a team and associated processes focused on vulnerability identification or remediation. This includes providing day-to-day management of information security and risk activities, including oversight of vulnerability assessments and remediation programs serving both internal and external stakeholders. Qualifications Minimum Qualifications • Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field) • 10+ years IT experience with a broad range of exposure to all aspects of business/system planning, analysis, and application development • 10+ years of experience leading project or technical teams with or without formal direct report responsibility; this includes experience providing technical direction, thought leadership, coaching and mentoring to team members • 10+ years of experience with information security tools, concepts and practices • Familiarity with multi-platform technology environments and their operational/security considerations • Experience managing projects and project resources to meet goals on simultaneous/multiple projects Preferred Qualifications • Master’s Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field • IT experience in the retail industry • Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen) • Experience in a PCI/Retail technology environment • Leadership experience with direct report responsibility • Experience managing in an Agile environment • Experience leading global teams • Experience with process management methodologies such as Six Sigma or ITIL Delivery methodologies (Agile, Scrum, SAFe) • Broad knowledge of infrastructure (network and servers), network architecture, services and security policies Security Governance, Risk & Compliance • 4 years of experience in one or more of the following fields: technical, security or privacy education/training, information security, external/internal audit, risk management (specific to Security Governance, Risk and Compliance role) • 3 years of experience conducting or leading PCI-DSS assessments (specific to Security Governance, Risk and Compliance role) Network Security Engineering • 10+years of experience in Security Engineering (specific to Security Engineering role) • Advanced knowledge of core Information Security concepts related to security infrastructure components (specific to Security Engineering role) • Knowledge of retail regulatory scope (PCI, SOX, etc.) (specific to Security Engineering role) • 5 years of experience in Security Engineering (VPN, layer 4 to layer 7 firewalls, etc.) (specific to Security Engineering role) Security Threat & Vulnerability • 6 years of experience in Information, Network, or Application Security (specific to Security Threat & Vulnerability role) • Advanced knowledge of core Information Security concepts related to Threat and Vulnerability Management or Offensive security testing (specific to Security Threat & Vulnerability role) • Knowledge of retail regulatory scope (PCI, SOX, etc.) (specific to Security Threat & Vulnerability role) Show more Show less