OVERVIEW
Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability, and is recognized that way. We've been defined as a "mature start-up." A place where interdepartmental exposure, open doors, and genuine collaboration are ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are.
We're engineering for the future of retail, and it's no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip-smart colleagues who will press you daily for your very best, you'll find that virtually nothing's impossible at Ulta Beauty.
THE IMPACT YOU CAN HAVE:
The IT Risk Assessment Sr. Analyst has responsibilities in advancing Ulta's IT risk management program and strengthening enterprise resilience. The IT Risk Management Sr. Analyst helps implement and mature the risk framework, facilitates the issue management process, administers use of ServiceNow Integrated Risk Management (IRM), and partners across cybersecurity, IT, compliance, and business teams to embed effective controls and drive risk transparency.
YOU'LL ACCOMPLISH THESE GOALS BY:
- Business Process Improvement: Analyzes business processes; evaluates alternative solutions, assesses feasibility, and recommends new approaches, typically seeking to exploit technology components. Evaluates the financial, cultural, technological, organizational, and environmental factors which must be addressed in the change program. Develops business requirements for the implementation of significant changes in organizational mission, business functions and process, organizational roles and responsibilities, and scope or nature of service delivery.
- IT Governance: Understands relevant standards and the principles embedded within them. Evaluates new business proposals and provides specialist advice on compliance issues.
- Data Analysis: Reviews and investigates corporate data requirements, and undertakes data analysis, data modelling and quality assurance techniques, to establish, modify or maintain data structures and their associated components.
- Information Management: Ensures that the business processes and information required to support the organization are defined and devises appropriate standards, processes, and data architectures. Evaluates the impact of any relevant statutory, internal, or external regulations on the organization's use of information and develops strategies for compliance.
- Problem Management: Ensures that appropriate action is taken to anticipate, investigate and resolve problems in systems and services. Ensures that such problems are fully documented within the relevant reporting system(s). Leads the development of problem solutions. Coordinates the implementation of agreed remedies and preventative measures. Evaluates patterns and trends.
- Relationship Management: Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining, and working to stakeholder engagement strategies and plans. Negotiates with stakeholders at senior levels and ensures that organizational policy and strategies are adhered to. Uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Contributes to the development and enhancement of customer and stakeholder relationships.
ADDITIONAL RESPONSIBILITIES:
- Maintain and enhance the IT risk management framework aligned to industry standards (e.g., NIST CSF, ISO 27001).
- Partner with IT Owners to document IT controls and processes that meet the organization's security policies & standards.
- Collaborate with stakeholders to identify, assess, and document IT and cyber risks across business and technology environments.
- Manage risk registers, mitigation plans, and risk treatment workflows within the risk platform.
- Create and deliver reports on compliance status, vulnerability assessments, and risk management activities.
- Support the issue management lifecycle, ensuring timely tracking, escalation, and resolution.
- Work closely with IT, legal, and compliance teams to ensure alignment of security practices with organizational goals and regulatory requirements.
- Contribute to ongoing process improvements and automation efforts within the risk and issue management programs.
- Foster a high-performance, risk-managed, compliant culture within IT by evangelizing the importance of risk-managed solutions.
- Stay current with changes in regulations, standards, and industry best practices to ensure ongoing compliance and risk awareness.
- Provide education & awareness to the control owners so they better understand technology risk and control frameworks & their responsibilities.
ESSENTIALS FOR SUCCESS:
- Bachelor's degree in a technical discipline, a related field, or applicable work experience
- 5+ years of experience in one or more risk management areas
- 3+ years of experience in an information security compliance, audit, or risk management role
- Understanding of SOX requirements and IT General Controls
- Working knowledge of risk frameworks and standards such as NIST, ISO 27001, SOX, PCI DSS, and GDPR/CCPA
- Demonstrated experience implementing and assessing IT frameworks, policies, standards, guidelines, and other regulatory mandates.
- Experience developing and implementing automation for controls and compliance is preferred.
- Experience with Governance, Risk and Compliance platforms like ServiceNow, and good knowledge of infrastructure components & cloud technologies preferred.
- CISA, CISM, CISSP or other officially recognized certification would be desirable.
- Strong experience in Information Risk Management best practices
- Experience interacting with business and IT users to support issue management processes.
- Strong analysis/troubleshooting skills
- Excellent communication skills; feels comfortable working with non-technical business partners.
- Flexibility to provide support during odd hours, weekends, and peak seasons
- Minimal travel required (training/conferences)
The pay range for this position is $102,900.00 - $130,000.00 / Year with the opportunity for eligible associates to earn additional compensation pursuant to the Company's bonus plan. Exact pay will be based on factors including, but not limited to relevant education, qualifications, certifications, experience, level, shift, geographic location, and business and organizational needs. Full-time positions are eligible for paid time off, health, dental, vision, life and disability benefits. Part-time positions are eligible for dental, vision, life, and disability benefits. For additional information concerning our benefits, visit our Benefits and Career Development page:
ABOUT
At Ulta Beauty (NASDAQ: ULTA), the possibilities are beautiful. Ulta Beauty is the largest North American beauty retailer and the premier beauty destination for cosmetics, fragrance, skin care products, hair care products and salon services. We bring possibilities to life through the power of beauty each and every day in our stores and online with more than 25,000 products from approximately 500 well-established and emerging beauty brands across all categories and price points, including Ulta Beauty's own private label. Ulta Beauty also offers a full-service salon in every store featuring hair, skin, brow, and make-up services.
We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act.