Director Information Security and Data Privacy
Posted Date: Aug-16-2017
Job ID: 8615
Job Type: Full Time
Job Function: Legal
What's cool about this job
Do you have experience building and leading Cyber Incident Response Teams? Do you also enjoy working in a fast passed retail environment driven by the most advanced security and business delivery technologies? If you said yes to each of the questions above, then we have an opportunity for you. We are seeking a Director of Information Security and Privacy within our Enterprise Information Security team.
This role contributes to REI’s success by leading the enterprise-wide Information Security and Data Privacy and Compliance programs, made up of Operational Security, Security Engineering & Architecture, Data Privacy and Cyber Risk Management. Leads the development, implementation and continuous improvement of the Information Security and Data Privacy programs. Leads, coordinates and collaborates with senior leadership across the Co-op to identify and manage risks to acceptable levels.
- Provides enterprise-wide leadership and direction in all areas of information security, cyber risk management, data privacy and security programs. Collaborates with senior leadership throughout the coop to effectively resolve security related issues.
- Establishes and implements information security goals, objectives, strategic plans, policies, standards and operating procedures, as well as monitors and evaluates effectiveness.
- Designs, establishes and maintains an organizational structure and staffing plan for the Information Security program.
- Develops, manages and monitors Information Security’s budget, long-range planning and continuously improves effectiveness of such budget.
- Monitors information security conditions and conducts ongoing risk analysis of trends within Retail industry, advising leadership of new risks and direction.
- Provides leadership and guidance to departments across the coop impacted by regulatory compliance, such as Payment Card Industry (PCI).
- Provides enterprise-wide guidance regarding “best practice” business security standards, solutions and guidance to maintain acceptable risks to assets.
- Interprets security laws, regulations, and contract requirements; directs subordinates in enforcing compliance; and maintains active relationships with law enforcement, regulatory agencies, and other sources of security requirements.
- Provides oversight to information security incident response planning and investigation of breaches; assists with disciplinary and legal matters associated with such breaches.
- Provides reports to superiors regarding effectiveness of information security programs and makes recommendations for the adoption of new program objectives.
- Develops and implements an information security training strategy for the coop, partnering with key stakeholders throughout other departments.
Bring your passion and expertise
- 12+ years of relevant InfoSec experience.
- Master’s degree in computer science or business administration, or equivalent training and experience.
- 5+ years’ supervisory experience in the information technology field and the ability to direct technical work teams.
- 8+ years’ experience in information security.
- Multiple major security certifications including CISSP, CISM, CISA or other related certifications.
- Experience with NIST or ISO standards, building programs and execution
- Strong working knowledge of essential security metrics.
- Strong working knowledge of information technology and security best practices.
- Strong working knowledge of Federal, State and local regulations, national standards, Payment Card Industry (PCI) and other applicable regulatory requirements.
- Ability to develop department-level strategic plans, business plans and annual budgets.
- Ability to negotiate contracts and agreements with vendors and service providers in the information technology business (Preferred)
- Knowledge of methodologies, standards, procedures and organization that contribute to the development and deployment of technology solutions.
- Skills in resource management, project prioritization, problem-solving, issue management and negotiation, and mediation.
- Experience with structured project life cycle, systems development management tools and service management methodologies such as Information Technology Infrastructure Library (ITIL).
- Builds capacity of individuals and teams through effective employee development, involvement, communication, and supervision efforts.
Why you'll love it here
REI’s Enterprise Information Security Program is one of the most highly sought teams to join at REI. We are a highly collaborative group that leverages advanced technologies to do their jobs. And, we have the support and confidence of REI’s leadership team to take on and mitigate cyber security threats. If you have a passion for outdoors, and want to be part of a dynamic and innovating cyber security program, this job is for you.
At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.
With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.
REI is an Equal Opportunity Employer