Sr. Security Risk Management Analyst-2 in Huntersville, NC at American Tire Distributors

Date Posted: 3/4/2021


Job Description

We look forward to your application! When applying, please be sure to put your Full Legal First Name and Last Name for legal and processing purposes.

Are you looking for an opportunity to turn your ambition and your people skills into a rewarding career with an industry leader? Join our team at American Tire Distributors! As the nation's premier tire distributor, ATD’s coast-to-coast distribution network provides approximately 80,000 customers across the U.S. and Canada with rapid and frequent delivery of high-quality tires, custom wheels and shop supplies.

Position Description: 

This senior analyst level position has hands-on responsibility for supporting the Security Risk Management & Governance organization for American Tire Distributors (ATD).

This position reports to the Director of Security Risk Management and Governance and is responsible for supporting the security risk management & governance program and services. This position has a wide range of key relationships and must demonstrate positive leadership, relationship management, and collaboration competencies.

Essential Duties & Responsibilities

  • Lead and/or support SRC efforts in developing security requirements for all internal security reviews, third party security risk assessments, and required compliance examinations.
  • Lead and/or support PCI compliance program and efforts in meeting security requirements and aligning to business needs.
  • Lead and/or support SOC 2 compliance program and efforts in meeting security requirements and aligning to business needs.
  • Deliver formal assessments and recommendations to the Chief Security Officer on reviewed third party vendor, internal, and cloud environments for use in production. Conduct and deliver annual reviews as applicable.  
  • Lead and/or support efforts and support team in delivering IT and Security related Policies and Standards.
  • Develop security recommendations following NIST and Cloud Security Alliance guidance and security best practices.
  • Lead efforts and support team in oversight of IT and vendors regarding the security maintenance of their systems and applications.
  • Assist team with any security awareness training requirements and corporate communications. 
  • Work with teams supporting updated security controls in accordance with the vulnerability management program.
  • Coordinate information and security risk metrics from multiple systems and platforms for leadership reporting
  • Conduct research on information security best practices, solutions, strategies, etc.; provide consulting to business lines and shared services
  • Assist team as needed in conducting Business Impact Analysis (BIAs) in preparation for Disaster Recovery and Business Continuity testing
  • Proactively partner with Security, IT Compliance, IT, HR, Audit Services, Legal, Finance, Compliance, and business stakeholders to identify and communicate key security risks and effective mitigation solutions.
  • Monitor and report progress of regulatory corrective action plans to senior management.
  • Analyze the latest technology risk reviews and alert on emerging security risks/concerns.
  • Perform and report on trend analysis, identifying opportunities for process improvements.

Success Factors/Key Metrics:

  • Highly effective communicator for multiple disciplines and levels
  • Effective planning, development, and execution capabilities.
  • Effectively deliver key Security Risk Management Reporting, metrics, and other relevant key factors.
  • Accurate schedule estimates for program development, execution, and standard work.
  • Effective delivery of services that demonstrate compliance with applicable laws and industry requirements, including but not limited to PCI-DSS, SOC 2, CCPA, and SOX related requirements.

Key Partners (Positions):

  • IT infrastructure, application development, HR, Legal, Audit, and other development teams
  • ATD Associates and Contractors
  • ATD Customers and Partners
  • Other partners as required by position

Direct Report Position Titles



  • Master’s degree in Computer Science, Information Technology or Cyber Security 
  • Minimum 5+ years of related information security and system administration experience
  • In-depth knowledge of domain structures, user authentication and authorization, encryption and digital signatures and networking
  • Knowledge of the security requirements for NIST Cyber Security Framework, NIST 800 series, ISO 27001/27002, PCI, and SOC 2
  • Knowledge of privacy regulatory requirements for GDPR, CCPA and other applicable compliance requirements
  • Solid understanding of Google GCP, Microsoft Azure & Office365 Security center (and associated cloud applications) and compliance
  • Solid understanding, both technically and functionally, of Active Directory, DNS, DHCP, Group Policy, Security (including SID, GUID, permissions & NTFS)
  • Solid understanding of security for internetworking protocols, platforms and devices such as IP, firewalls, servers, proxies, email filters, routers, and switches
  • Demonstrated project and/or process management experience

Other Requirements:

  • Professional Experience: 
    • Minimum of 3 years’ experience – Security Risk Management & Governance Senior manager or above
    • Minimum of 3 years’ total of performing Security Risk Assessments, leading related programs, developing and implementing security policies and best practices.  Experience in leading security training and educational programs for multiple countries and languages. 
  • Two or more of the following certifications: 
    • Microsoft Certified Systems Administrator: Security (Azure)
    • CISSP
    • CISA
    • CRISC
    • SSCP
    • CISM
    • SANS Certifications
    • CompTIA Security+
    • GIAC Information Security Fundamentals

Candidate Skills and Competencies

  • Must be able to work in an Agile environment.
  • Exceptional written and verbal communications skills.
  • Strong security consulting background and/or related experience.
  • Prior IT hands-on experience (e.g., engineering, application development, operations, business development, help desk, PMO).
  • Excellent presentation skills – able to promote ideas, collaborate across teams and influence. 
  • Able to work across all groups and levels of management and business groups.
  • Experienced in creating and tuning metrics to reflect security maturity and measurement of program performance.
  • Results oriented with demonstrated problem solving and decision-making skills.
  • Knowledge of security related compliance requirements (PCI, SOX, and Security best practices).
  • Experience in applying security risk control frameworks (such as NIST Cyber Security Framework, COBIT, and ISO).
  • Knowledge of software development processes in place at American Tire.
    • Think Innovatively:  Identify and act on ideas which further the Company’s strategic goals.
    • Plan and Execute for Success:  Identify and address root causes when solving problems.  Work collaboratively with other departments and functional teams to coordinate effective solutions.
    • Act Collaboratively:  Communicate effectively across teams, functions and departments.
    • Communicate Effectively:  Communicate clearly and concisely and adjust communication style to improve performance.
    • Demonstrate Respect:  Handle all business matters ethically and in full compliance with American Tire Distributors “Code of Conduct”
    • Be Accountable for Results:  Assume full responsibility for the consequences of one’s behaviors, decisions and results.

This job description in no way states or implies that these are the only duties to be performed by the employee occupying the position.  Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by their supervisor, subject to reasonable accommodations.  Nothing in this job description creates a contract of employment in any way for any person.   All employees hired by American Tire Distributors, Inc. are employees at will and the company reserves the right to terminate employees at any time for any reason or no reason at all.

Build a challenging and rewarding career with us!

American Tire Distributors is an Equal Opportunity Employer and Drug Free Workplace

Job ID: R13978