DIRECTOR OF INFORMATION SECURITY – HOME OFFICE – AUSTIN, TEXAS
About Kendra Scott:
We are a fun, talented and driven team dedicated to providing our customers with gorgeous products and a WOW! experience. Family, fashion and philanthropy are at the core of our company and though we move at a very fast pace, we are committed to maintaining a family-oriented work environment and giving back to our community. A passion for great design, dedication to innovation and a strong social media presence are our building blocks for creating a unique and engaging lifestyle brand across all channels, including retail stores, wholesale accounts and e-commerce. Our headquarters are located in the heart of Austin, Texas, and we embrace the unique vibe and energy of our hometown as an inspiration for our brand and company culture.
Position Overview:
Kendra Scott is looking to hire a Director of Information Security to provide vision and leadership for developing and supporting security initiatives. The Director of Information Security directs the planning and implementation of enterprise IT system, business operation, and facility defenses against security breaches and vulnerability issues.
As Director of Information Security, you’ll lead and guide multiple IT disciplines to ensure the appropriate protections, procedures, and tools are in place to secure organizational systems and address threats while enabling the deployment of technology to drive business objectives. You will develop and enforce security programs and processes related to Risk and Compliance, Vulnerability Management, Incident Response, Associate Awareness, Testing, and Secure Coding. You will direct internal associates and external vendors/partners to ensure IT disciplines address appropriate protections and procedures are in place to secure organizational systems. You’ll safeguard all parts of our organization from digital threats and data breaches while overseeing ongoing risk assessments, incident responses, risk remediation efforts, and the implementation of measures to drive security feature/control development.
Responsibilities:
• Develops information security roadmap that aligns with the strategic plan
• Creates and delivers documentation regarding best practices, standards, operating policies, processes and procedures
• Stays current on emerging security tools and technologies
• Demonstrates effective, judgment, decision making, results delivery, team building, and the ability to stay current with relevant technologies and information security concepts
• Monitors internal control systems to ensure appropriate information access levels and security parameters are maintained
• Monitors compliance with the organization's information security policies and procedures among employees, contractors and third parties
• Sets information security direction for projects and ensures compliance
• Coordinates audit activities and ensures compliance in accordance with security standards required by appropriate governing body including but not limited to PCI, SOX and HIPAA
• Participates in the Computer Incident Response Plan procedures
• Develops and instills strong, independent associates and teams that assume ownership and responsibility for their areas and deliverables
• Monitors and provides continual feedback to associates regarding job results through coaching and counseling
• Manages organizational security policies and procedures to ensure ongoing security and regulatory compliance in all technology areas
• Works cross functionally with other Business and IT partners to align on requirements and objectives
• Ensures appropriate security measures are in place relative to the organizations risks related to the Retail Industry
Our Ideal Candidate will have:
• BS/BA degree in Computer Science, Information Security or related discipline
• CISSP certification required, other security certifications (GSEC, CISA, CISM, MCSA, MCSE, CCNA, CCNP).
• 10 years of Information Security, preferably in a Retail environment
• A minimum of 5 years of experience in a Security leadership/management level role
• Broad range of knowledge of security and risk points across an omnichannel Retail business model
• Experience both maintaining and building/deploying new solutions
• Knowledge of security at every level of the technology stack
• Proactive, strategic thinker and detail-oriented
• Project Management experience
• Strong risk, regulatory and compliance experience (SOX/PCI/HIPAA)
• Knowledge and experience of information security technologies and vendors (firewalls, intrusion prevention, vulnerability assessment/management, web and application development, security event monitoring)
• Experience interfacing with multiple external vendors
• Experience with on-premise solutions and multiple cloud platforms (public, private, hybrid)
• Familiar with SOA architectural styles
• Experience with MS O365, Visio, Atlassian Jira, Confluence