Manager, Information Security & Compliance
About the Job
This role in the Information Technology department is the senior-most position dedicated to information security and compliance at Christmas Tree Shops. This associate will work closely with the CIO in developing our Information Security Strategy and will collaborate with the head of applications and the head of technology on the implementation of the various security-related solutions, configurations, etc. This role is also responsible for establishing and maintaining our compliance with retail industry and governmental regulations.
SKILLS & RESPONSIBILITIES
- Cyber Security - responsible for the development and evolution of an Information Cyber Security Strategy and Roadmap, with help from the CIO and the heads of Technology and Enterprise Systems.
- Secure Network and Applications - partner with the Enterprise Systems and Technology teams to embed security-focused solutions across the enterprise, in both applications and infrastructure.
- Security Programs - create and implement enterprise-wide information security programs. One example will be to establish an MDR (Managed Detection & Response) service capability with a third-party provider.
- Data Privacy - understand Data Privacy regulations, e.g. those governing PII (Personally Identifiable Information).
- Compliance - establish a thorough understanding of all governmental and industry compliance regulations, laws, etc. that affect our business. Establish and drive the various project(s) with the goal of achieving certified compliance, e.g. PCI DSS (Payment Card Industry Data Security Standard) and state and federal consumer privacy regulations.
- Policy - develop and maintain information security policies for the IT department and company employees to follow. Monitor compliance with established company security policies.
- Education & Awareness - identify and implement information security policy education, training, and awareness programs. Consult with business leaders regarding their information security risks and responsibility in minimizing those risks.
- Security Risk Matrix - establish a security risk matrix and framework demonstrating that we understand the breadth of risks the enterprise must mitigate. Implement controls, policies, processes, programs, outside services, etc. to mitigate the documented risks, and document the relationship between each risk and its mitigating tools.
- Provisioning & Access - partner with the Technology team in IT on the provisioning of IT resources and system access.
- Incident Response - work with the head of Technology to develop an Incident Response Process and help manage it going forward.
- Insurance - work with the CFO, Legal, CIO, etc. to inform and help establish the company's insurance policies against network and data breaches. Coordinate investigations and reporting of security incidents.
- Budget - work with the CIO and IT Leadership to prioritize security initiatives. Develop the budget to support security programs.
- Business Alignment - be an active participant in the business and a student of the business. Pursue a deep understanding of business functions. While providing the best possible technical solutions and services, act as an advocate for your business partners and the business at large.
- New and Leading-Edge Technologies - maintain curiosity, awareness and knowledge of new technologies, their possible advantages and their relevance to our business.
- Production Support - maintain 24x7 availability to support production services.
- Policies and Procedures - vigorously support and adhere to departmental policies and procedures, including but not limited to Project Management, Change Management, and Issue Management.
- Security & Compliance - support the efforts of the Security and Compliance associate(s) in the IT department to ensure that all necessary steps are taken to achieve the security and compliance goals of the department and the company.
- Vendor Relationship Management - maintain good working relationships with our select group of third-party vendors, while also holding them accountable for quality service and results.
- Customer Relationship Management - maintain good working relationships with business associates at all levels of the organization. Be honest, open, respectful, and helpful. Be empathetic toward business associates, be a good listener, and provide pragmatic solutions to their challenges.
- Results oriented with a high degree of resilience and perseverance.
- Ability to maintain focus on goals and objectives that deliver results.
- Capable of leveraging data and analysis to identify trends.
- Acts with urgency to resolve issues impacting service or sales.
- Proactive. Able to anticipate obstacles and develop plans that deliver results.
- Weighs the impact on the customer in planning and decision making.
- Strong attention to detail, capable of identifying anomalies and taking action.
- Optimism and enthusiasm. People feel positively challenged when working with this person.
- Handle multiple tasks/projects with adherence to deadlines.
- Able to effectively interface with multiple levels of management.
- Must be a steward of ethics and discretion when it comes to handling sensitive information.
QUALIFICATIONS AND REQUIREMENTS
- Bachelor’s Degree in a relevant discipline is required.
- Minimum of 5 years’ experience in information security and compliance work, preferably in the retail sector.
- Certification as CISA, CISSP or CISM is preferred.
- PCI Tier 2 compliance experience is preferred.
- Sarbanes-Oxley (SOX) compliance experience is preferred.
- Superior communication skills.
- Prolonged periods of sitting at a desk and working on a computer.
ABOUT CHRISTMAS TREE SHOPS
Christmas Tree Shops is an off-price brick-and-mortar home goods retailer specializing in seasonal products. The Christmas Tree Shops experience revolves around a trend-right, always-changing mix of merchandise that makes each customer visit a shopping adventure of anticipation and delight. The 50-year-old company has roots in the Northeast, with its first store located on Cape Cod, Massachusetts, and today operates 80 stores in 20 states under the banners Christmas Tree Shops, Christmas Tree Shops andThat! and andThat!