Salary Not Disclosed
1 Vacancy
Serving the needs of all families with young children
Carter's Inc. is the largest North American apparel retailer exclusively for babies and young children, encompassing Carter's, OshKosh B'gosh, Skip*Hop and Little Planet brands. Meaningful work, constant learning, genuine people and a community guided by core values that promote inclusion and innovation is in everything we do. There are many reasons to build your career at Carter's.
HOW YOU'LL MAKE AN IMPACT
This role is responsible for establishing, maintaining and overseeing the enterprise-wide vision, strategy, architecture, policies and programs to ensure information assets are protected while maintaining an understanding and managing the risks and challenges facing the company and the retail industry. This role will ensure information technology (IT) systems, networks, and internal and external computing environments are secure, and security and business continuity risk/reward decisions are balanced and comply with regulatory and legislative requirements. He/She will create an information privacy and security-conscious culture across the position will develop and implement information security initiatives; security frameworks; conduct and oversee security operations for the ongoing protection of the Carter's global environment; monitor and audit compliance with regulatory and internal standards; and lead investigations related to policy violations, security breaches and computer crimes.
Directs and manages the activities and personnel of the Information Security Services Team including focus on the following capabilities:
IT Policies, Risk & Compliance 25%
Oversees the development, implementation and maintenance of global security policy, enterprise security standards, guidelines and procedures for appropriate risk mitigation and to support regulatory or industry compliance (e.g. SOX, PCI, HIPAA)
Serves as an expert advisor to executive leadership, Board of Directors and Audit Committee in the development, implementation and maintenance of a strong information privacy and security program and infrastructure, including network access and monitoring policies
Develops policies and procedures to ensure physical safety of employees and visitors; creates workplace violence awareness and prevention programs as in partnership with Facilities Management or corporate/enterprise Risk Management teams
Collaborates with Legal Counsel, Internal Audit on compliance, security and privacy practices, processes, procedures and protocols; monitors and reports statuses and actively participates in audits or reviews as
Maintains relationships with local, state and federal law enforcement and other related government agencies in support of security program and roadmap, with partnership and direction from Legal Counsel
Must be able to interact effectively with applications teams, peers and management staff to create application security processes and protocols
Must be able to develop, manage and maintain the proposed capital and operating budget for IT Security, Risk and Compliance department. Will conduct ongoing budget control through budget review and approval processes and monitor departmental performance
Be engaged with and understanding of business environment, projects, considerations and constraints in implementing all policies and associated technologies
Security Operations Management 35%
Be responsible for 24/7 security monitoring and threat detection/prevention for the organization
Develop and report on security operations dashboards, metrics and KPIs relevant to understanding and improving Carter's security capabilities and defense levels
Foster and manage relationship with 3rd party MSSP/SOC provider to establish a true partnership with Carter's organization
Security Engineering 40%
Accountable to develop, implement, integrate and maintain the security strategy and roadmap, including security tools and technologies.
Provide leadership and management oversight for security tool deployment and implementation, including applicable hardware, software, firewalls, intrusion detection systems, security event management systems, anti-virus and malware solutions, cryptography systems, access control systems, or any other device or solution for enterprise cyber and systems protection and monitoring.
Develops emergency procedures and incident response protocols; acts as the control point during significant privacy and security incidents
Understands potential threats, vulnerabilities and control techniques. Monitors network of vendors and employees to ensure the safeguarding of information assets
Investigates security breaches, communicates to appropriate executive management and local information privacy and security leadership, and pursues associated legal protocols in relation to any security investigation, incident or security breach
Conducts periodic penetration testing and security audits; establishes risk assessment criteria and methodology
Builds and sustains strong relationships with Carter's functional and technical teams and serves as a trusted advisor on security related matters for the organization
Serves on the chair of the Information Governance and Privacy Committee; serves on the Compliance Committee and Risk Management Committee representing Information Systems as directed by their supervisor
Supervisory/ Budgetary/ External Communication Responsibility
Manages a multi-functional team of 7-10 to include security engineering, security operations, and IT risk and compliance
Manages a Managed Security Services Provider (or co-managed security provider) to augment team's ability to monitor and manage IT security events and manage security operations
Manages a significant operational and capital budget for the security
Required to communicate accordingly to Board Members and Audit Committee Members on general security updates. Required to brief internal and external groups (auditors, law enforcement, etc.) in the event of security incidents or breach.
Secondary Functions
Understands and supports the Company's goals and objectives and makes certain that his/her actions and decisions are consistent with them.
Keeps his/her supervisor informed of all matters of importance and particularly those instances where deviations from planned results are likely to occur.
Performs other responsibilities and duties as assigned by his/her supervisor.
We'd Love to hear from you if: (Requirements section)
Must have:
Proven experience in planning security strategy and IT security projects for a multi-billion organization
Must have strong knowledge of industry best practices, laws, frameworks and compliance standards related to data privacy and protection
Requires successful experience in at least three of the following domains: application security; security technologies and products; security engineering; security analysis and investigations; risk assessment and management; disaster recovery; IT SOX auditing
In-depth knowledge of platform operating systems, including Windows, Linux and Unix
Experience with Wide Area Network/Local Area Network/Wireless Network, TCP/IP and related protocols
Strong knowledge of Intrusion Detection and Prevention techniques
Deep knowledge and understanding of SOX, PCI and other compliance standards
Proven experience leading committees or sub-committees related to security, compliance, privacy or risk in the organization
Understands DR planning and execution and is able to influence IT infrastructure, IT application and business owners on DR planning and practices.
Must have very strong written and verbal skills and executive presence to interact effectively with all levels of leadership, board members, IT staff, vendors, auditors, third-party business application providers and other parties impacting the company's security state
Experience with Managed Service providers in relation to providing security services, including establishing protocol, measuring provider metrics, understanding contractual agreements, and general day-to-day monitoring and operational expectations
Ability to effectively prioritize and execute tasks in a high-pressure environment
Preferred skills and experience:
Prior successful experience as the Information Security leader in a multi-billion organization highly desirable
Bachelor's Degree and 10 years IT experience, with at least 5 of those years of leadership in area of information security, preferably in the retail industry
At least 3 years of direct hands-on experience or direct management of firewall administration, intrusion detection systems, data encryption software, security information and event management systems, and working knowledge of switches and routers
A Certified Information System Security Professional (CISSP) or equivalent certification from a recognized professional organization such as International Informational Systems Security Certification Consortium (ISC)², Global Assurance Certification (GIAC) or Information Systems Audit and Control Association (ISACA)
Prior work experience with MSSP vendor relationship
OUR Team Members:
Lead Courageously: Have a strong sense of personal values that align with our Company values
Collaborates Broadly: Build cooperation, trust and thrive in a consensus driven environment
Customer Focus: Proactively seek opportunities to leverage data and fact-based insights to serve customers and/or internal clients
Drive Growth: Set aggressive goals and implement plans precisely
Cultivates Innovation: Respectfully challenge the "we've always done it this way" mentality and explore new ways to achieve desired outcomes
Make a career at Carter's:
Career Development: Success starts from within, and we have several paths from which you can choose to enhance your career evolution. From Carter's University to Toastmasters to mentorship programs and more, we encourage you to utilize these tools to elevate your professional prowess.
Carter's is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by federal, state or local law.
Required Experience:
Director
Full-Time