The IT Enterprise Risk Analyst is responsible for executing cyber security, cloud, operational, and compliance reviews of Kohl’s Technology operations, processes, and initiatives. The IT Enterprise Risk Analyst will also perform risk advisement and remediation follow-up across the Kohl’s Technology organization.

ACCOUNTABILITIES

DRIVE TECHNOLOGY ACTIONS THROUGH QUALITY AUDITS, PROJECTS AND FOLLOW-UP

• Assess cyber security, cloud, operational, and compliance risk in Kohl’s technology and support the development of detailed audit procedures to develop risk-based audit programs
• Obtain and analyze information for evidence of cyber security violations, deficiencies in internal controls, or lack of compliance with laws, government regulations, and Kohl's policies and procedures
• Challenge existing processes including suggesting more efficient or alternative methods to achieve objectives
• Prepare work papers to clearly support the audit conclusion in accordance with internal auditing standards
• Communicate the results of audit/projects to ERS leaders and collaborate to develop action plans addressing identified risk/process gaps

COMPLETE TECHNOLOGY COMPLIANCE ACTIVITIES

• Support PCI assessment activities, in partnership with Information Security team
• Execute Sarbanes-Oxley process walkthroughs, testing and follow-up
• Support the continuous improvement of technology compliance activities
• Execute banking partner security reviews and follow-up
• Partner with ERS leadership to communicate with banking partner on follow-up status and remediation

EXECUTE EFFICIENT & EFFECTIVE PROJECT MANAGEMENT

• Manage and prioritize assignments including all audits and project involvement
• Inform ERS stakeholders of project status and execute to planned project timelines
• Provide timely results of audit and communicate recommended solutions

SUPPORT DEVELOPMENT OF SELF/TEAM

• Pursue opportunities to improve team communication, organizational, technical, and analytical skills

LEVERAGE RELATIONSHIPS TO ENHANCE RISK AWARENESS

• Develop cross-functional relationships across multiple levels within organization
• Support risk advisory activities across the technology and business organization

QUALIFICATIONS

REQUIRED

• Bachelor's Degree in MIS or similar with 1-2 years of relevant IT audit, risk, or cyber security experience
• Ability to comprehend and analyze technology systems and environments

PREFERRED

• Certifications such as CISA, CISSP, CIA desired
• Word processing and spreadsheet software, Google apps collaboration tools, Tableau or other data analysis tools
• Cloud platforms including GCP
• Technical server, database, messaging, integration, and CICD platforms

SPECIAL REQUIREMENTS

• Ability to travel minimally (Up to 5% annually)