Sr. Analyst, Information Security

Sr. Analyst, Information Security (Third-Party Risk Management) Join to apply for the Sr. Analyst, Information Security (Third-Party Risk Management) role at Lowes Companies, Inc. Your Impact The Third-Party Risk Senior Analyst is responsible for leading the assessment, monitoring, and mitigation of risks associated with the organizations third-party relationships. This role will work cross-functionally with cybersecurity, legal, procurement, compliance, and business stakeholders to ensure vendors meet the companys security, privacy, regulatory, and operational resilience standards. The ideal candidate will leverage industry best practices, risk quantification methodologies (e.g., FAIR), AI-driven assessment tools, and threat intelligence to strengthen third-party oversight across the enterprise. What You Will Do Conduct Risk Assessments Evaluate third parties (vendors, partners, suppliers) for information security and operational risks. Review Security Documentation Analyze SOC reports, ISO certifications, SIG questionnaires, and other compliance materials. Monitor Risk Posture Continuously monitor third-party performance and security standing using internal tools and threat intelligence platforms. Perform Due Diligence Support onboarding and periodic reviews of third parties to ensure compliance with regulatory and company standards. Collaborate Across Teams Work closely with procurement, legal, InfoSec, and compliance to assess and manage vendor risk throughout the lifecycle. Maintain Risk Inventory Track and maintain an accurate inventory of third parties and associated risks. Support Risk Remediation Identify gaps and work with internal stakeholders and vendors to remediate control deficiencies. Report on Risk Metrics Create dashboards and reports to communicate risk findings, trends, and remediation status to leadership. Stay Current on Threat Landscape Research emerging threats (cybersecurity, geopolitical, regulatory) that may impact third-party relationships. Assist in Framework Alignment Ensure assessments align with risk frameworks (e.g., NIST, ISO, FAIR, SIG) and regulatory requirements (e.g., GDPR, CCPA). Minimum Qualifications 4 Years of Experience in information security or equivalent military experience. Preferred Skills/Education Bachelors Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work experience in a related field) IT experience in the retail industry Experience with Open-Source Intelligence (OSINT) tools and investigations Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management Experience conducting information security risk assessments of vendors and vendor software Hands-on experience on GRC Applications & TPRM tools like Archer, LogicGate, SAP GRC, OneTrust, ProcessUnity, ServiceNow, BitSight, Prevalent, Black Kite, etc. Retail business experience, Experience with open-source Tools. Experience with Vulnerability Management in Public/Hybrid cloud environments. Understanding of Secure Software Lifecycle Development. Relevant information security certifications (CISSP, CISM, CISA, CRISC, CTPRP, CTPRA, Security+, etc.) Where Youll Be Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support. Lowes supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub Most business meetings are planned around the Eastern time zone. Lowes is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law. #J-18808-Ljbffr