Job Description
Join Nordstrom's Technology team as a Senior Risk Management Analyst, where you'll play a pivotal role in shaping our enterprise cybersecurity risk strategy. You will be a trusted advisor to leadership, building comprehensive risk assessment methodologies that protect our organization, enable informed decision-making, and ensure we remain audit-ready across complex regulatory and threat landscapes.
In this role, you will lead cybersecurity risk management initiatives across the enterprise, designing frameworks and operational workflows that integrate multiple risk domains while aligning with business objectives. You will have authority to design assessment methodologies, establish operational standards, and make significant commitments for audit engagements, third-party assessments, and GRC platform implementations.
Are you a strategic thinker with deep expertise in cybersecurity risk management? Do you have a passion for building scalable programs that enable business growth while managing enterprise risk? Do you think about ways to integrate risk-by-design principles into everything we do? Join our team and be part of a company that is on the cutting edge of retail technology, committed to getting consumers the products they love in a safe and secure environment.
A Day in the Life...
Methodology Design & Operational Standards
Design comprehensive assessment methodologies for enterprise cybersecurity risks, creating frameworks that integrate multiple risk domains and align with business objectives
Develop operational standards and quality criteria for risk management processes, ensuring consistency and effectiveness across the organization
Design operational workflows that optimize risk management processes while maintaining audit trail integrity and regulatory compliance
Implement integrated controls across multiple technology and business domains, ensuring comprehensive risk coverage and efficient resource utilization
Third-Party & External Relationship Management
Manage third-party risk assessments including external audit engagements, vendor security evaluations, and specialized consulting projects
Serve as primary liaison with external auditors and risk stakeholders, representing the organization's cybersecurity risk posture and remediation efforts
Make significant commitments for audit engagements, third-party risk assessments, and GRC platforms within established enterprise frameworks
Strategic Alignment & Leadership
Align operational activities with strategic objectives by participating in medium-term planning (6-18 months) and ensuring risk initiatives support business goals and regulatory expectations
Lead senior stakeholder workshops on complex risk topics, facilitating decision-making and consensus-building around risk tolerance and treatment strategies
Coordinate cross-functional risk initiatives across Security, IT, Legal, and Business teams to ensure comprehensive risk coverage and strategic execution
Contribute to the strategic vision and roadmap for Enterprise Risk Management, developing reusable, scalable solutions to enhance program efficiency and support organizational growth
Stakeholder Engagement & Risk Communication
Educate senior stakeholders on cybersecurity risk requirements and emerging threats through workshops, strategic sessions, and consultation to improve organizational risk awareness and readiness
Facilitate decision-making processes around complex risk scenarios, helping leadership understand risk tolerance options and treatment strategies
Provide expert guidance on risk assessment and treatment across diverse business contexts and technical environments
You Own This If You Have...
Required Qualifications
Experience:
6-8 years of cybersecurity risk management experience with demonstrated leadership of cross-functional initiatives
Proven track record of designing and implementing enterprise-level risk methodologies across multiple domains
Experience managing external audit engagements and serving as primary liaison with auditors and risk stakeholders
Demonstrated ability to align risk operations with strategic business objectives through medium-term planning
Education:
Bachelor's or Master's degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related field, or equivalent work experience
Technical Knowledge:
Expertise in multiple cybersecurity risk domains and frameworks (NIST CSF, ISO 27001, NIST RMF, CIS Controls, SOC 2, PCI DSS)
Deep understanding of enterprise risk architecture and integrated control frameworks
Knowledge of operational workflow design and process optimization for risk management
Experience developing operational standards and quality criteria for risk management processes
Skills:
Advanced methodology development and enterprise framework design capabilities
Excellence in stakeholder management and external audit relationship management
Strong ability to facilitate senior leadership workshops and drive consensus on complex risk topics
Ability to make significant commitments and design workflows within enterprise governance structures
Excellent written and verbal communications, including presentation skills, and proven ability to effectively communicate with all levels of the organization, as well as with external parties and auditors
Strong bias for results and can operate with autonomy to address bottlenecks, provide escalation management, anticipate and make trade-offs, and encourage behavior to maximize business benefit
Preferred Qualifications
Advanced Education:
Master's degree in Cybersecurity, Risk Management, or Business Administration valued
Advanced Certifications:
Multiple advanced professional certifications preferred (CISSP, CRISC, CISA, CISM)
Specialized certifications valued (CISSP-ISSAP, CISSP-ISSEP, SABSA, TOGAF, or equivalent architecture/management certifications)
Additional Experience:
Experience with GRC platform implementation and management
Background in consulting or audit firms focused on cybersecurity risk
Experience leading enterprise-wide risk transformation initiatives
Technical background with demonstrated proficiency in security tooling and automation
We've got you covered...
Our employees are our most important asset and that's reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:
Medical/Vision, Dental, Retirement and Paid Time Away
Life Insurance and Disability
Merchandise Discount and EAP Resources
A few more important points...
The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.
For Los Angeles or San Francisco applicants: Nordstrom is required to inform you that we conduct background checks after conditional offer and consider qualified applicants with criminal histories in a manner consistent with legal requirements per Los Angeles, Cal. Muni. Code 189.04 and the San Francisco Fair Chance Ordinance. For additional state and location specific notices, please refer to the Legal Notices document within the FAQ section of the Nordstrom Careers site.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.
Please be mindful that there may be legal notices and requirements related to this job posting that are specific to your state. Review the Career Site FAQs (https://careers.nordstrom.com/#/contact-us/faq) for relevant information and guidelines.
© 2022 Nordstrom, Inc
Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.
Nordstrom keeps job postings open for at least one day after the posting date.
Pay Range Details
The pay range(s) below has been provided in compliance with state specific laws. Pay ranges may be different for other locations. Pay offers are dependent on the location, as well as job-related knowledge, skills, and experience.
$166,000.00 - $258,000.00 Annual
This position may be eligible for performance-based incentives/bonuses. Benefits include 401k, medical/vision/dental/life/disability insurance options, PTO accruals, Holidays, and more. Eligibility requirements may apply based on location, job level, classification, and length of employment. Learn more in the Nordstrom Benefits Overview by copying and pasting the following URL into your browser: https://careers.nordstrom.com/pdfs/Ben Overview 17-19.pdf
About Us
We're a fast-moving fashion company that started as a shoe store in 1901. This heritage of service is the foundation we're building on as we provide convenience and true connection for our customers. We empower our people to be innovative, creative and focused on providing the best service to our customers. Through it all, we remain committed to leaving the world better than we found it.
Whether you're a genius engineer, a phenomenal salesperson or a supply chain pro, we invite you to bring your unique talents and join our team. We reward great work, promote from within and celebrate diversity.
CUSTOMER OBSESSED: We strive to know our customers better than anyone else. We listen, anticipate, build trust and move with speed to deliver on their needs.
OWNERS AT HEART: We treat every interaction as an opportunity to make an impact and deliver excellence.
CURIOUS AND EVER CHANGING: We approach problems with curiosity and create solutions. We unlock potential to be bold, think big and inspire innovation.
HERE TO WIN: We're committed to delivering results, both today and tomorrow. We win as a team by supporting and challenging one another to be better every day.
WE EXTEND OURSELVES: We treat each other with respect and kindness. We do the small things that make a big difference. We create a welcoming environment, helping people feel connected, valued and part of one community.
Come on! Join us!