Sr Analyst, Information Security

About Lowes
Lowes Companies, Inc. (NYSE: LOW) is a FORTUNE 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2024 sales of more than $83 billion, Lowes operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowes supports the communities it serves through programs focused on creating safe, affordable housing, improving community spaces, helping to develop the next generation of skilled trade experts and providing disaster relief to communities in need. For more information, visit Lowes.com.
About Lowes India
Lowes India is the retail technology center for Lowes Companies Inc. and is based out of Bengaluru, India. Set up in 2014, Lowes India focuses on technology and shared business services. Technology teams support e-commerce, mobile, infrastructure and corporate systems that enable various functions such as supply chain, distribution, corporate services. Initiated with just over 20 associates, Lowes India now has a growing associate base which employs over 3000 people.
Your Impact
The Third-Party Risk Senior Analyst is responsible for leading the assessment, monitoring, and mitigation of risks associated with the organizations third-party relationships. This role will work cross-functionally with cybersecurity, legal, procurement, compliance, and business stakeholders to ensure vendors meet the companys security, privacy, regulatory, and operational resilience standards. The ideal candidate will leverage industry best practices, risk quantification methodologies (e.g., FAIR), AI-driven assessment tools, and threat intelligence to strengthen third-party oversight across the enterprise.
What You Will Do

• Conduct Risk Assessments Evaluate third parties (vendors, partners, suppliers) for information security and operational risks.
• Review Security Documentation Analyze SOC reports, ISO certifications, SIG questionnaires, and other compliance materials.
• Monitor Risk Posture Continuously monitor third-party performance and security standing using internal tools and threat intelligence platforms.
• Perform Due Diligence Support onboarding and periodic reviews of third parties to ensure compliance with regulatory and company standards.
• Collaborate Across Teams Work closely with procurement, legal, InfoSec, and compliance to assess and manage vendor risk throughout the lifecycle.
• Maintain Risk Inventory Track and maintain an accurate inventory of third parties and associated risks.
• Support Risk Remediation Identify gaps and work with internal stakeholders and vendors to remediate control deficiencies.
  
• Report on Risk Metrics Create dashboards and reports to communicate risk findings, trends, and remediation status to leadership.
• Stay Current on Threat Landscape Research emerging threats (cybersecurity, geopolitical, regulatory) that may impact third-party relationships.
• Assist in Framework Alignment Ensure assessments align with risk frameworks (e.g., NIST, ISO, FAIR, SIG) and regulatory requirements (e.g., GDPR, CCPA).
• Security Third Party Risk Management Responsibilities
• Conduct third-party risk assessments (online as well as possibly onsite) to identify and evaluate potential risks (including cyber security, regulatory compliance, and operational risks).
• Undertake due diligence on prospective vendors, including assessing their security controls, policies, and procedures, and consolidate information towards evaluating their overall cyber risk posture.
• Execute processes to continuously monitor and assess the ongoing security posture and performance of third-party vendors.
• Work with vendors to address identified risks, establish risk mitigation plans, and monitor the implementation of remediation actions till closure. Ensure accurate and up-to-date records of assessments and associated risk mitigation activities.
• Foster effective relationships with vendors, serving as a point of contact for cyber risk-related matters and facilitating ongoing communication and collaboration.
• Monitor vendor compliance with information security obligations, applicable regulations and standards.
• Prepare reports, presentations, and other materials to communicate TPRM strategies and risks to stakeholders and provide regular reporting on vendor risk and compliance status to stakeholders and top management.
• Aid in development of TPRM metrics and dashboard to provide visibility into the vendors risk posture, and recommend improvements.
• Develop and review TPRM strategies, policies and standards.
• Collaborate with stakeholders to ensure coordinated and effective approach to TPRM. Minimum Qualifications

  Looking to get Placed? Try our Placement Guarantee Plan

  Get Hired
• 4 Years Experience in information security.
• Preferred Skills/Education
• Bachelors Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work experience in a related field)
• IT experience in the retail industry
• Experience with Open Source Intelligence (OSINT) tools and investigations
• Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management
• Experience conducting information security risk assessments of vendors and vendor software
• Hands on experience on GRC Applications & TPRM tools like Archer, LogicGate, SAP GRC, OneTrust, ProcessUnity, ServiceNow, BitSight, Prevalent, Black Kite, etc.
• Retail business experience, Experience with open-source Tools.
• Experience with Vulnerability Management in Public/Hybrid cloud environments.
• Understanding of Secure Software Lifecycle Development.
• Relevant information security certifications (CISSP, CISM, CISA, CRISC, CTPRP, CTPRA, Security+, etc.)
  

Lowes is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.
Starting rate of pay may vary based on factors including, but not limited to, position offered, location, education, training, and/or experience. For information regarding our benefit programs and eligibility, please visit https://talent.lowes.com/us/en/benefits.