Deputy Chief, Information Security


Posted Date
Job ID
Job Function
Information Technology
REI City
REI State
REI Location
Seattle HQ
Remote Eligible
Please visit the Covid-19 Hiring Updates before applying
What's cool about this job

The Deputy Chief Information Security Officer (Director of Information Security), is accountable for REI’s overall Information Technology (IT) security program. This includes but is not limited to leading security architecture and engineering, vulnerability management, security portfolio and program management, security operations center and other various practices. The person in this role is the champion and advocate for IT security and works closely with REI’s CISO, enterprise risk management and security organization. This job contributes to REI’s success by developing, recommending and leading planning, strategies, and implementation of REI’s IT security program to ensure the IT environment (applications, infrastructure, SaaS, Cloud Services, and on premise data centers) is secure and protected from intentional or inadvertent modification, disclosure or destruction. Leads, coordinates and collaborates with IT leaders, managers, and staff to implement tools and processes throughout the security development lifecycle for intrusion detection and protection. The Deputy CISO actively keeps abreast of new technology and IT service delivery methods to ensure REI is up to date with current IT security practices.

Leading the Way (team leadership, coaching and development responsibilities for this “manager of staff”)

· Identifies and communicates key responsibilities and practices to ensure the organization promotes a successful attitude, confidence in leadership, and teamwork to achieve business results.

· Drives the implementation of company programs, procedures, methods and practices to promote REI key messages.

· Oversees training and development of managers of employees directly and indirectly managed and makes effective staffing decisions.

· Provides coaching, direction and leadership support to managers of employees in order to achieve department, company and customer results.

· Monitors operational statistics, reports trends, variances and issues, and takes appropriate action.

Your Planning & Navigating Requirements (the plans the job is responsible for creating and executing, and how the job ensures they are implemented)

· Accountable for identifying and assessing IT security-related issues currently and potentially impacting IT and business performance.

· Oversees IT security architecture including but not limited to roadmaps, assessments, principles, standards and security development lifecycle. Aligns with Enterprise Architecture on architecture principles and standards.

· Accountable for overseeing security operations center and associated tools.

· Directs the development of tools and design or re-engineering of processes for intrusion detection and prevention based on current best practices in the industry.

· Oversees vulnerability management including scanning, testing, remediation, and reporting.

· Participates in division strategic planning, applying a current knowledge and future vision of technology and systems which significantly impact the effective execution of business processes.

· Prepares budget recommendations for staffing needs, costs of equipment and tools, maintenance, and future projects. Sets IT Security and Risk Management investment portfolio in conjunction with IT leadership.

· Collaborates with other IT department leaders to identify business needs; plan, schedule, and coordinate work; and ensure integration of business needs and information technology solutions. .

· Creates and maintains staffing plans. Ensures the team is properly trained and staffed to handle the projected workload, both from an internal staffing and outsourcing standpoint.

· Manages other leaders and performs basic line supervision, including hiring, firing, conducting performance reviews, setting performance goals, promotions, salary increases, developing subordinates, and managing performance and discipline.

· Keeps abreast of technology changes and innovations in the information technology field generally, and acts as IT “guru” and resource relative to information technology security issues, trends, tools and solutions.

· Manages or coordinates vendor relationships and contracts for products, services and support.

Bring your passion and expertise
  •  7 years of information security leadership experience specific to security engineering/operations.
As required by applicable Pay Transparency laws, REI provides a range of minimum compensation for roles that may be hired in locations under these requirements. Factors that may be used to determine your actual salary may include a wide array of factors, including: your specific skills and experience, geographic location or other relevant factors. The salary range for this position may be lower or higher in different markets.

The pay for this role is:  
At REI we offer an enviable work environment that Fortune Magazine has recognized on the "100 Best Places to Work" list since the award's inception – 23 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 160 retail locations (and growing), REI offers unique competitive benefits to its more than 15,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

ARTICLE 23-A, Section 753

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.