Dir, IT Information Sec

Overall Job Summary

The individual in this role will be a key leader in a cybersecurity program supporting a highly dynamic and fast-paced retail company. The Director will lead the IT Security Risk and Compliance teams with a focus on delivering reliable and scalable cybersecurity and IT risk management services. Success will be achieved by blending technical expertise and business insight to minimize risk and ensure compliance while supporting the growth of digital services at TSC

Essential Duties and Responsibilities (Min 5%)

• Provide leadership and technical direction to deliver cybersecurity, IT risk, and compliance capabilities that address both 1st and 3rd party risks.
• Develop and execute a comprehensive strategy for defensive security, threat mitigation, and risk reduction following standards-based frameworks including NIST CSF and NIST P.
• Ensure adequate and timely resolution of audit, compliance, and regulatory requirements.
• Partner with IT and business leaders to influence and ensure alignment and support for cybersecurity policies, standards, and operating procedures.
• Collaborate with fellow leaders of IT and business teams to support their requirements for cybersecurity solutions and expertise.
• Research and recommend security and risk technologies that can be applied to technology solutions being developed or maintained internally and externally.
• Develop, mentor, and lead a high-performing team of information security and risk experts.
   

Required Qualifications

Experience:  9+ years of progressive cybersecurity, IT risk, and compliance experience. Relevant experience in retail, Big4 or enterprise IT audit, and security consulting is preferred.  Deep knowledge and practical experience in enterprise IT risk management programs using NIST, FAIR, ISO, and other relevant IT control frameworks.  Deep knowledge and practical experience with PCI, SOX, IT General Controls, and third-party risk management.

Education: Bachelor’s Degree in Cybersecurity, Computer Science, or a related field.  Any suitable combination of education and experience will be considered.

Professional Certifications: CISSP, CISA, CRISC, CISM, SANS GIAC, or another relevant security or governance certification(s) desired.
 

Preferred knowledge, skills or abilities

• Track record of delivering effective solutions in collaboration with multiple stakeholder groups and contending priorities.
• Current knowledge of evolving threats, attacker techniques, and options for risk mitigation
• Practical understanding of data protection policies and standards, and privacy regulations
• Experience with financial management, budgeting, and forecasting.
• Excellent verbal and written communication skills.
• Excellent analytical, problem-solving, project management, and planning skills
• Strong vendor management and negotiation/mediation skills
• Eligible to work in the United States without company sponsorship.
   

Working Conditions

Physical Requirements

Disclaimer

This job description represents an overview of the responsibilities for the above referenced position.  It is not intended to represent a comprehensive list of responsibilities.  A team member should perform all duties as assigned by his/ her supervisor.