Analyst, Information Security Risk in Etters at Rite Aid

Date Posted: 9/8/2019

Job Snapshot

Job Description

Job Description SUMMARY

The primary purpose of this position is to perform information security risk analysis, risk assessments and evaluation of security solutions on both Rite Aid and vendor technology environments which help secure applications, operating systems and networks. Frequent independent judgments are essential. The incumbent is also required to perform all tasks in observance of Rite Aid’s brand and strategy and adhere to our core values and service attributes.


The associate is responsible for the functions below, in addition to other duties as assigned:

  •  Help the Sr. Manager and Chief Information Security Officer perform application and technology design review and security risk assessments
  •  Provide research, analysis and guidance on management, operational and technical security requirements and solutions for business initiatives
  •  Perform analysis and consulting in information security and risk management to business units, information technology organizations, support and operational functions
  •  Assist the CISO and Information Technology associates in defining security requirements for select vendors and systems
  •  Help support the risk management and information security aspects of business initiatives and Information Technology projects to assist in mitigating security risks for information, business and operational applications and systems across the company
  •  Assist with the development of security management policies, standards and practices; including technical Information Technology standards
  •  Monitoring for compliance with specific state and federal security and privacy laws and update Rite Aid policies and procedures, as appropriate.  Assist Rite Aid subsidiaries to update their policies and procedures
  • Develop business line presentations and provide security awareness training as outlined by management for Rite Aid and its subsidiaries
Experience / Requirements
  • Three (3) years' of experience in Auditing, Risk Management Analysis or Technology required
  • Or equivalent education in lieu of experience

Certificates, Licenses, and/or Registrations
  • Other, Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Certified Risk and Information Systems Control (CRISC), or

    Certified Third Party Risk Professional (CTPRP) preferred

  • Bachelor’s Degree in Arts/Sciences (BA/BS) Accounting or Business required