Raleigh, North Carolina, United States of America
14 hours ago
Security Analyst
Job Description

We are seeking a highly motivated Cyber Risk Analyst to join our Governance, Risk, and Compliance (GRC) team within Information Security (InfoSec). In this role, you will identify, evaluate, and monitor security risks across a complex, high-volume retail ecosystem including stores, distribution centers, cloud environments, and enterprise systems and applications. You will partner closely with technology, compliance, and business stakeholders to ensure risks are understood, documented, and treated in alignment with our cybersecurity strategy, risk management framework, and industry best practices.

This position is Hybrid (4 days in office, 1 day remote), based at our corporate headquarters in Raleigh, North Carolina. Flexibility for occasional travel may be required. 

Key Responsibilities

Risk Evaluation

Conduct security risk assessments across applications, infrastructure, and operations.
Analyze technical and business impacts, likelihood, and severity of identified risks.
Document risks clearly in the InfoSec risk register, ensuring accuracy, completeness, and traceability.
Evaluate proposed controls for adequacy and provide recommendations based on inherent risk.

Risk Treatment

Document risk treatment plans including mitigation strategies, compensating controls, ownership, and timelines.
Collaborate with risk owners to ensure treatment plans are actionable and aligned with business priorities.
Track and report on treatment progress, risk acknowledgements, and residual risk.
Escalate critical risk items and overdue treatments to leadership as needed.

Monitoring

Support ongoing risk monitoring and reporting activities, including dashboards and scorecards for senior leadership.
Facilitate risk review meetings with technology and business owners.
Maintain metrics to measure risk posture and treatment effectiveness.

Incident & Issue Support

Collaborate with Security Operations, IT, and business teams to evaluate risks associated with security incidents, vulnerabilities, and audit findings.
Provide recommendations to reduce residual risk or strengthen overall control posture.

Compliance & Standards Alignment

Assist with aligning internal processes to regulatory and industry standards relevant to retail (PCI DSS, SOX ITGC, etc.).
Contribute to updates of internal policies, standards, and procedures.

Qualifications

Required

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field, or equivalent experience.
2–4 years of experience in cybersecurity, IT audit, risk management, or related discipline.
Knowledge of common security frameworks (NIST CSF, NIST 800-53, ISO 27001, PCI DSS).
Experience conducting risk assessments and reviewing security controls.
Strong analytical, communication, and documentation skills.
Ability to translate technical details into clear business impacts.

Preferred

Experience in a large enterprise or retail environment.
Familiarity with GRC-related platforms (e.g., ServiceNow, OneTrust).
Understanding of cloud environments (AWS, Azure, GCP) and modern tech stacks.
Knowledge of Cyber Third-Party Risk Management and Compliance.

California Residents click below for Privacy Notice:

https://jobs.advanceautoparts.com/us/en/disclosures