• Bachelor’s degree and a minimum of 3 years of Information Security experience or, in lieu of a bachelor’s degree, a high school diploma/GED and a minimum of 7 years of Information Security experience
• Relevant professional certifications or working towards attainment such as: GCIH/GSEC, CISM, CISA, CISSP, CCSP, Security+, CCNA
• Securing Windows, Linux, macOS, iOS and Android platforms
• Application and TCP/IP network security technologies
• Information security concepts, principles and components of a comprehensive information security program
• Control frameworks and control objectives
• Self-motivated and outcome-oriented, including ability to prioritize conflicting demands.
• Exceptional organizational skills to balance work and support projects.
• Demonstrable leadership and interpersonal skills with experience in mentoring team members
• Strong initiative, consensus-building and ability to collaborate directly and build strong relationships with a variety of internal and external stakeholders (business, development, compliance, etc.)
• Strong written communication, professional verbal communication skills, experienced facilitator and presenter
• Ability to adapt and apply information to new scenarios and technologies.
Additional Preferred Qualifications
• Advanced knowledge of common web technologies, enterprise and network architecture
• Strong understanding of modern security tools and controls
• Understanding of web-based application architectures (IIS, Apache, etc.)
• Data protection controls
• Advanced knowledge of or demonstrated experience with defense in depth, trust levels, privileges and permissions
• Large complex multi-national retail services industry related experience
• Subject Matter Expertise - Information Security subject matter expert to the business, IT areas, project teams and vendors to apply and execute appropriate use of technology solutions. Leads efforts to examine technology vision, opportunities and challenges with regard to security standards and the impact of the technology. Retail industry regulations such as PCI and SOX. Retail systems such as point-of-sale, IoT, mobile apps and technology.
• Security Trends - Continually works to enhance breadth and depth of knowledge and experience. Benchmarks technology strategies and architectures. Monitors and anticipates trends and investigates organizational objectives and needs. Provides guidance on security solutions and prepares benchmarking reports and presentations.
• Project Oversight - Assesses project risk and complexity. Oversees project handoffs including preparing documentation, educating and supporting to ensure smooth transitions. Supports the selection and design of tools that allow reuse of design components and patterns between projects.
• Vendor/Tool Selection - Supports the research, evaluation, proof-of-concept, selection and implementation of technology solutions. Provides detailed analysis of pros and cons and build vs buy options. This includes interaction with vendors, IT and business area contacts to facilitate flexible and scalable solutions. Ensures that the technical design considers security controls, performance, confidentiality, integrity, availability, access and total cost. Oversees working solutions or prototypes and resolves any issues that arise.
• Process Improvement - Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and value delivered to customers.