Security Analyst (IT Risk)

Welcome to Ross Stores, Inc., where our differences make us stronger… At Ross and dd’s, inclusion is a way of life. We care about our Associates and the communities we serve and we value their differences. We are committed to building diverse teams and an inclusive culture. We respect and celebrate the diversity of backgrounds, identities, and ideas of those who work and shop with us. Come join us as we continue our diversity, equality and inclusion journey!

The Security Risk Analyst is responsible for executing IT risk management processes within Ross. This includes performing risk assessments, tracking mitigation efforts and developing risk metrics and risk reports. This position is also responsible for executing security risk related projects and programs, such as monitoring DLP events, third-party risk assessments, updating security policies and procedures and executing security awareness programs.


• Performs risk assessments to identify current and future security vulnerabilities.

• Performs Third Party risk assessment and related contracts agreements to ensure necessary security controls have been included as part of services and capabilities for the protection of organization assets

• Provides support to IT during product and vendor selection process and provide subject matter expertise on Information security risk and compliance

• Maintains related IT Risk Management metrics and reporting. Collaborates with IT Compliance Manager, Secure SDLC Manager, Information Security, and IT groups to gather and analyze metrics.

• Maintains risk assessments related tools with the goal of improving efficiency, reducing costs, improving agility and optimizing information technology governance, risk, and controls management processes, while providing an overall view of the organization's risk profile.

• Maintains Information security policies, standards and procedures

• Maintains information security awareness programs, regularly conducting exercise to educate employees of the information security and best practices.

• Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.


• Building Effect Teams (for managers of People and Projects)

• Developing Talent (for managers of people only, N/A for this role/level)

• Collaboration

• Leading by Example

• Communicates Effectively

• Ensures Accountability and Execution

• Manages Conflict

• Business Acumen

• Plans, Aligns and Prioritizes

• Organizational Agility
With particular emphasis on the following specific position-related competencies:

• Analysis/Judgement

• Drive for Results

• Communication

• Teamwork


• Three years of Information Technology Security, at least 1 with large enterprise organizations

• Bachelor's degree or equivalent combination of education and relevant experience

• Strong understanding of security governance, compliance and risk management principles.

• Working knowledge of UNIX and Windows

• Firewalls, VPN, PKI, IPS

• Oracle, MS SQL

• Virtualization Security

• Proficient in Microsoft Word, Excel, PowerPoint

• Excellent analytical, organizational and communication skills

• Strong Project Management skills
Preferred Qualifications:

• CISSP (Certified Information Systems Security Professional) Preferred

• CRISC (Certified in Risk and Information Systems Control (CRISC)Preferred

Job requires ability to work in an office environment, primarily on a computer.
Requires sitting, standing, walking, hearing, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.
Consistent timeliness and regular attendance.
Vision requirements: Ability to see information in print and/or electronically.
This role requires regular in-office presence, including to engage in in-person team interaction, meetings and collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in-office and remote work.


This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management's discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company's overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.