Aaron's Inc Senior Information Security Engineer – Governance Risk & Compliance in Kennesaw, Georgia

Aaron’s has a long legacy as an industry leader, with continued growth regardless of the economy. In business since 1955, we have grown to over 1,860 stores across North America built on a foundation of excellence, customer focus, quality products and services. Personally and professionally, we hold ourselves to high standards and an unwavering commitment to do what’s right; treating every individual with respect, compassion and integrity. We are highly invested in the communities we serve through our community outreach programs, donating time, products and services locally and nationally.

As a potential Aaron’s Associate, you’ll share our purpose and passion for making a real difference in the lives of others and the rewards that come from creating strong personal connections for life. You’ll be a contributing team member in an environment that embraces challenge and has a strong drive to achieve. We like to set the bar high, roll up our sleeves and work together to out-perform the competition. You’ll have an opportunity to work in an environment which prides itself on recognizing and rewarding top performers.

Interested in becoming a Senior Information Security Engineer-Governance, Risk, and Compliance (GRC) at Aaron’s? The Senior Information Security Engineer-Governance, Risk, and Compliance (GRC) assists in the GRC function. He/she generates and champions new ideas and initiatives and strives for process and technology improvements and excellence in the GRC function.

Duties & Responsibilities:

  • Participates in the strategy and day-to-day operations of the GRC function and team members.

  • Organizes data maintained in the company’s GRC system.

  • Assists in PCI assessments and provides PCI guidance to various teams.

  • Maintains Information Security policies, standards, procedures, technical security baselines, and awareness.

  • Assists in identifying and gathering all Information Security metrics.

  • Participates in driving Security Awareness in the Enterprise.

  • Assists the team in managing the third-party vendor and risk assessment processes.

  • Supports and consults with stakeholders on information security issues.

  • Applies industry and internal best practices to solve technical and business problems.

  • Prepares recommendations and implements changes to work methods and procedures to make them more effective and/or to strengthen security measures.

  • Coordinates large-scale Information Security projects.

  • Serves as a technical mentor for newer or more junior team members.

  • Demonstrates initiative through driving and facilitating their specific information security squad to review, improve and implement needed process, best practices, technology and environment changes.

  • Self-starter with the ability to work independently as well as the ability to negotiate and bring consensus to diverse priorities of product development and solution delivery teams.

Education & Experience:

  • 5 or more years’ experience in an Information Technology related role.

  • 3 or more years in an Information Security or related role.

  • Bachelor’s Degree in an applicable field highly preferred.

  • CISM, CISSP, PCIP, ISA, or equivalent certifications preferred.

Required Skills:

  • Ability to assess security risk, controls, and compliance in a variety of situations, architectures, and solutions.

  • Experience performing information security risk assessments.

  • Knowledge of GRC technology such as LockPath, ServiceNow GRC, Archer, Modulo, etc.

  • Experience creating information security policies, standards, and authoritative documents.

  • Strong understanding of industry frameworks and best practices (e.g., NIST, ISO, OWASP, CIS).

  • Experience with PCI assessments and requirements preferred.

  • Excellent verbal and written communication skills including the ability to describe or explain complex processes and issues in a concise manner.

  • Ability to understand complex information systems, prioritize tasks, and meet deadlines with minimal supervision.

  • Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines.

  • Strong interpersonal skills.

  • Analytical thinking skills and a sense of urgency.

At Aaron’s, you will have access to a comprehensive benefits package that includes:

Paid time off including vacation days, sick days and holidays

Ongoing training and development

Medical, dental & vision insurance

401(k) plan

Stock Purchase Plan

Life insurance

Disability benefits

Associate Purchase Discounts

Aaron’s is an Equal Opportunity Employer