Senior Analyst, IT Security RIsk in Grapevine, TX at GameStop

Date Posted: 10/7/2018

Job Snapshot

Job Description


Working with general supervision, the Information Technology (IT) Security Risk Senior Analyst supports the risk identification and management process across all aspects of Information Technology. Responsibilities include assisting in assessing security risk at multiple levels, including the enterprise, project and third-party vendor.  The Senior Analyst will support a wide range of activities related to risk management such as updating and maintaining the risk register and risk exception processes. The Senior Analyst will keep management up to date on the results of risk assessment activity and make recommendations for mitigations, or projects to protect systems or cover potential losses.  To continually improve the quality of the risk management, this individual will collect lessons learned information and metrics from security events and integrate the knowledge gathered into future protection strategies. This may involve reviewing logs, network traces and other evidence from computers, networks and data storage devices.  Associate may interact with his or her supervisor several times a week, perhaps daily, to receive guidance and feedback. Some non-routine activities may require a supervisor’s advance approval.


  • Stay knowledgeable of security risk impact resulting from advancing or emerging processes and technology
  • Assists with researching and analyzing vulnerabilities, identifying relevant threats and making corrective action recommendations
  • Document identified issues, risks and potential impacts and assist in their resolution
  • Examine compliance with security controls and track deficiencies
  • Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions
  • Assess the security risk associated with projects and new or existing third-party vendors
  • Responsible for on-going support of a eGRC tool, and maintenance of support documentation
  • Gather and report metrics reflecting the state of security risk within GameStop and its global entities
  • Conduct enterprise security risk assessments across GameStop’s global entities, reporting results to management
  • Track risks, exceptions and associated mitigations utilizing a risk register
  • Model the behaviors expected of all GameStop leaders including, but not limited to, a drive for results, with a demonstrable bias for action; high levels of emotional intelligence, maturity, and professionalism; giving, receiving and responding to feedback effectively; a consistently high service orientation; and demonstrable commitments to diversity, inclusion, a respectful workplace, and integrity
  • Originate action to improve existing conditions and processes; identify improvement opportunities, generate ideas, and implement solutions
  • Identify, track, and report meaningful performance/progress metrics, and support the team with achieving performance goals


  • Customer Focus —  Makes internal and external customer needs the primary focus of one's actions; develops and sustains productive customer relationships
  • Drive for Results and Accountability — Consistently maintains high levels of productivity; works with vigor, effectiveness, and with a consistent focus on objectives
  • Building a Successful Team – Uses appropriate methods and a flexible interpersonal style to help build a cohesive team; facilitates the completion of team goals
  • Building Strategic Partnerships – Identifies opportunities and takes action to build strategic relationships between one’s area and other areas, teams, departments, units or organizations to help achieve business goals


  • Accredited bachelor’s degree in technology, business administration, or similar business discipline required
  • 1 year+ of experience in information security and/or IT risk management required
  • 2-3+ years of professional experience preferred
  • Must be inquisitive and quick learner with attention to detail


  • Knowledge of hardware /software architecture and domains in IT operations with a focus on governance, risk and compliance;
  • An understanding of communications and network vulnerabilities;
  • Knowledge of security products, such as vulnerability scanning, GRC tools, etc;
  • Knowledge of computer and mobile architectures, OS and applications;
  • Fluency in network technology such as LANs, WAN, VPNs, Routers, firewalls, and IDS/IPS systems;
  • Should possess or be working towards information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) or the ability to gain a certification after hiring;
  • Understanding of legal and regulatory compliance standards and requirements against data and IT, including Payment Card Industry Data Security Standard (PCIDSS), ISO27001, NIST and COBIT;
  • Ability to develop and evaluate technology policies, technical standards and operational procedures;
  • Familiarity with multiple software types at the application and enterprise levels;
  • Encourages diverse and entrepreneurial thinking in an environment in which people are comfortable taking appropriate risks and learning from any mistakes that they make
  • Proficient understanding of the principles of giving and receiving feedback effectively
  • Consistently demonstrates a commitment to GameStop policies and procedures, including but not limited to, attendance, confidentiality, conflict of interest, and ethical responsibilities