Director Information Security and Data Privacy

Posted Date: Aug-16-2017

Job ID: 8615

Job Type: Full Time

Job Function: Legal

City: Bellevue

State: Washington

What's cool about this job

Do you have experience building and leading Cyber Incident Response Teams? Do you also enjoy working in a fast-paced retail environment driven by the most advanced security and business delivery technologies? If you said yes to each of the questions above, then we have an opportunity for you. We are seeking a Director of Information Security and Privacy within our Enterprise Information Security team.

This role contributes to REI’s success by leading the enterprise-wide Information Security and Data Privacy and Compliance programs, made up of Operational Security, Security Engineering & Architecture, Data Privacy and Cyber Risk Management.  Leads the development, implementation and continuous improvement of the Information Security and Data Privacy programs.  Leads, coordinates and collaborates with senior leadership across the Co-op to identify and manage risks to acceptable levels.  

  • Provides enterprise-wide leadership and direction in all areas of information security, cyber risk management, data privacy and security programs. Collaborates with senior leadership throughout the co-op to effectively resolve security-related issues.
  • Establishes and implements information security goals, objectives, strategic plans, policies, standards and operating procedures, as well as monitors and evaluates effectiveness.
  • Designs, establishes and maintains an organizational structure and staffing plan for the Information Security program.
  • Develops, manages and monitors Information Security’s budget, long-range planning and continuously improves effectiveness of such budget.
  • Monitors information security conditions and conducts ongoing risk analysis of trends within the retail industry, advising leadership of new risks and direction.
  • Provides leadership and guidance to departments across the co-op impacted by regulatory compliance, such as Payment Card Industry (PCI).
  • Provides enterprise-wide guidance regarding “best practice” business security standards, solutions and guidance to maintain acceptable risks to assets.
  • Interprets security laws, regulations, and contract requirements; directs subordinates in enforcing compliance; and maintains active relationships with law enforcement, regulatory agencies, and other sources of security requirements.
  • Provides oversight to information security incident response planning and investigation of breaches; assists with disciplinary and legal matters associated with such breaches.
  • Provides reports to superiors regarding effectiveness of information security programs and makes recommendations for the adoption of new program objectives.
  • Develops and implements an information security training strategy for the co-op, partnering with key stakeholders throughout other departments.

Bring your passion and expertise

  • 12+ years of relevant InfoSec experience.
  • Master’s degree in computer science or business administration, or equivalent training and experience.
  • 5+ years’ supervisory experience in the information technology field and the ability to direct technical work teams.
  • 8+ years’ experience in information security. 
  • Multiple major security certifications including CISSP, CISM, CISA or other related certifications.
  • Experience with NIST or ISO standards, building programs and execution.
  • Strong working knowledge of essential security metrics.
  • Strong working knowledge of information technology and security best practices.
  • Strong working knowledge of Federal, State and local regulations, national standards, Payment Card Industry (PCI) and other applicable regulatory requirements.
  • Ability to develop department-level strategic plans, business plans and annual budgets.
  • Ability to negotiate contracts and agreements with vendors and service providers in the information technology business (Preferred).
  • Knowledge of methodologies, standards, procedures and organization that contribute to the development and deployment of technology solutions.
  • Skills in resource management, project prioritization, problem-solving, issue management and negotiation, and mediation.
  • Experience with structured project life cycle, systems development management tools and service management methodologies such as Information Technology Infrastructure Library (ITIL).
  • Builds capacity of individuals and teams through effective employee development, involvement, communication, and supervision efforts.

Why you'll love it here

REI’s Enterprise Information Security Program is one of the most highly sought teams to join at REI. We are a highly collaborative group that leverages advanced technologies to do our jobs. And, we have the support and confidence of REI’s leadership team to take on and mitigate cyber security threats. If you have a passion for the outdoors, and want to be part of a dynamic and innovative cyber security program, this job is for you.

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoption assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

ARTICLE 23-A, Section 753

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.