DEPARTMENT : Information Technology
POSITION : Security and Business Continuity Manager
REPORTS TO : Global Chief Information Officer
GOAL : The Manager of Information Security and Business Continuity will be responsible for creating new and enhancing existing information security practices and the company's global business continuity plans and processes. The Manager will oversee all information security activities and ensure appropriate data security and protection of the confidentiality and integrity of customer, employee, and business information, in compliance with all applicable governmental regulations as well as internal policies and standards. The Manager will also be responsible for the operation, development, implementation and ongoing management, testing and enhancement of business continuity and recovery strategies, systems, and programs.
PRINCIPAL DUTIES / RESPONSIBILITIES :
Plan and direct the resources necessary to develop and support information security initiatives.
Define, gain agreement from senior leadership on, and implement enterprise-wide security policies and procedures.
Conduct timely risk and vulnerability assessments and drive corrective action
Establish metrics to ensure continuous improvement and ongoing compliance
Lead incident response activities
Support internal and external audit requirements
Provide management and oversight for IT compliance functions including identifying applicable regulatory compliance requirements
Serve as principal liaison to both internal and external auditors for Information Technology examinations (including regulatory exams).
Maintain current understanding and fluency in information security technologies and related regulatory issues
Manage Information Technology risk by maintaining the IT Risk Assessment, reporting the various levels of risk to the organization to IT senior management, and collaborating with Internal Audit.
Initiate, facilitate, and promote activities to create information security awareness with employees and customers through training initiatives
Advise the organization about information security technologies and related regulatory issues
In cooperation with senior management, own the development and maintenance of an effective strategy to maintain continuity of operations, mitigate risk, and safeguard the organization.
Work with executive-level and key stakeholders to develop and document the company's BC and DR requirements and plans that realize the strategy and satisfy business needs.
Define, organize, and manage business continuity and disaster recovery testing.
Act as chief Incident Manager when a Critical Incident is declared by executive management (President, COO, CIO)
QUALIFICATIONS :
Demonstrated expertise in designing and coordinating testing of applications and infrastructure.
Strong experience in performing information protection/security/risk assessments and remediation
Experience in analyzing and prioritizing threats and vulnerabilities
Excellent understanding of management of security alerting, protection, and monitoring systems
Working knowledge of both infrastructure and software technologies, investigation management and audit support
Experience in the evaluation, development, and implementation of security standards, procedures, and guidelines for multiple platforms and diverse systems environments
Knowledge of designing network vulnerability scans and providing remediation alternatives
Ability to identify emerging vulnerabilities and evaluate associated risks and threats
Strong experience with disaster recovery and business continuity planning, testing, auditing, risk analysis, and contingency planning.
Experience in managing third party vendors
Ability to respond effectively and be level-headed in crises, providing clear leadership in incident management
Experience with developing and implementing security awareness training programs and procedures
Demonstrated organization, facilitation, writing, documentation, communication, and presentation skills
Strong personal and professional ethical values and impeccable integrity
Self-starter with the energy level needed to meet this demanding role
Must be an intelligent, highly organized, articulate, professional and persuasive leader with the ability to communicate information security-related concepts to a broad range of technical and non-technical staff
Ability to read and interpret laws and policies and apply them appropriately
7 or more years of experience in an IT Security leadership role preferably in a retail / e-commerce environment.
Bachelor's degree in Computer Information Systems or the equivalent.
CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional) or equivalent certifications.
Intelligent, articulate and persuasive leader who can serve as an effective member of the IT management team and who is able to effectively communicate technical and security related concepts to a broad range of technical and non-technical professionals
Excellent communication skills, both written and verbal, required
Demonstrated ability to prioritize Information Security projects and strategy based on defined corporate goals and initiatives
Familiarity with industry data security, privacy standards, relevant laws and regulatory requirements