Senior Director of Information Security

About Us:

Rent the Runway (RTR) is transforming the way we get dressed by pioneering the worlds first Closet in the Cloud. Founded in 2009 RTR has disrupted the $2.4 trillion fashion industry by inspiring women with a more joyful sustainable and financially-savvy way to feel their best every day. As the ultimate destination for circular fashion the brand now offers infinite points of access to its shared closet via a fully customizable subscription to fashion one-time rental or ownership. RTR offers designer apparel and accessories from hundreds of brand partners and has built in-house proprietary technology and a one-of-a-kind reverse logistics operation. Under CEO and Co-Founder Jennifer Hymans leadership RTR has been named to CNBCs Disruptor 50 five times in ten years and has been placed on Fast Companys Most Innovative Companies list multiple times while Hyman herself has been named to the TIME 100 most influential people in the world and as one of People magazines Women Changing the World.

About the Job:

RTR is seeking a highly motivated and experienced Senior Director of Information Security to lead our information security program protecting both corporate and customer assets. This role is crucial in establishing and maintaining a robust security posture adhering to NIST best practices and ensuring compliance with relevant regulations. The Director will oversee all Information Security efforts including Governance Risk and Compliance (GRC) Fraud Prevention and Privacy compliance initiatives playing a key role in safeguarding our data and maintaining customer trust.

You will report to the VP CISO and work collaboratively with the other members of RTRs teams. You will work from Rent the Runways Brooklyn headquarters Monday - Thursday.

What Youll Do:

• Strategic Leadership: Develop implement and maintain a comprehensive information security strategy aligned with RTRs business objectives risk tolerance and industry best practices.
• NIST Framework Implementation: Direct the implementation and ongoing management of the NIST Cybersecurity Framework ensuring that security controls and processes are effectively applied and continuously improved.
• Governance Risk and Compliance (GRC):
  • Establish and maintain a robust GRC program including the development and enforcement of security policies standards and procedures.
  • Oversee risk assessments vulnerability management and security audits to identify and mitigate potential threats and ensure compliance with internal and external requirements.
  • Manage security and privacy awareness training programs to promote a security- and privacy-conscious culture.
• Fraud Prevention: Develop and implement effective strategies systems and controls to prevent detect and respond to fraudulent e-commerce activities protecting RTRs assets and customers.
• PCI-DSS Compliance: Oversee Payment Card Industry Data Security Standard (PCI-DSS) compliance to ensure secure handling of payment card information.
• Privacy Compliance: Build and manage technical and operational aspects of RTRs privacy compliance program; partner with Legal and other teams to establish policies and procedures to safeguard personal data; partner with Product Engineering and Marketing teams to implement privacy by design principles.
• Incident Response: Lead the development implementation and execution of the incident response plan including the investigation containment and remediation of security incidents.
• Security Architecture: Collaborate with IT and engineering teams to integrate security best practices into the design development and deployment of systems and applications.
• Application Security: Drive the implementation of secure software development lifecycle (SSDLC) practices and conduct regular application security assessments (e.g. SAST DAST penetration testing).
• Cloud Datacenter Security: Oversee the security of cloud environments and datacenter infrastructure ensuring robust controls configurations and monitoring are in place.
• Vendor Security: Manage third-party vendor security risks by establishing and enforcing security requirements conducting assessments and monitoring compliance.
• Team Management: Build mentor and lead a high-performing information security team fostering a collaborative and results-oriented environment.
• Communication and Reporting: Provide regular updates to senior management on the organizations security posture risks and compliance efforts.

About You:

• Bachelors degree in Computer Science Information Security or a related field. Masters degree preferred.
• Minimum of 10 years of experience in information security with at least 5 years in a leadership role.
• Deep knowledge and practical experience with the NIST Cybersecurity Framework.
• Proven experience in developing and managing GRC programs including risk assessments security policies and compliance audits.
• Demonstrated experience in fraud prevention strategies and techniques.
• Strong understanding of privacy laws and regulations (e.g. GDPR CCPA) and experience in implementing privacy compliance programs and privacy by design principles.
• Extensive knowledge of security technologies and best practices including network security endpoint security cloud security identity and access management vulnerability management and incident response.
• Excellent leadership communication and interpersonal skills with the ability to effectively communicate complex security concepts to both technical and non-technical audiences.
• Relevant certifications such as CISSP CISM or CISA are strongly preferred.
• Experience in mention any specific industry relevant to the company is a plus.
• Strong analytical and problem-solving skills.

Benefits:

At Rent the Runway were committed to the wellbeing of our employees and aim to create a workplace that fosters both personal and professional growth. Our inclusive benefits include but are not limited to:

• Paid Time Off including vacation paid bereavement and family sick leave - every employee needs time to take care of themselves and their family.
• Universal Paid Parental Leave for both parents flexible return to work program - because we know your newest family member(s) deserve your undivided attention.
• Paid Sabbatical after 5 years of continuous service - Unplug recharge and have some fun!
• Exclusive employee subscription and rental discounts - to ensure you experience the magic of renting the runway (and give us valued feedback!).
• Comprehensive health vision dental FSA and dependent care from day 1 of employment - Your health comes first and weve got you covered.
• 401k match - an investment in your future.
• Company wide events and outings - our team spirit is no joke - we know how to have fun!
• Office centric work - our corporate employees and technical leaders have the option to work remotely on Fridays in accordance with Company policies.

Rent the Runway is an equal opportunity employer. In accordance with applicable law we prohibit discrimination against any applicant or employee based on any legally-recognized basis including but not limited to: race color religion sex (including pregnancy lactation childbirth or related medical conditions) sexual orientation gender identity age (40 and over) national origin or ancestry citizenship status physical or mental disability genetic information (including testing and characteristics) veteran status uniformed service member status or any other status protected by federal state or local law.

The anticipated base salary for this position is $184000 to $240000. The actual base salary offered will depend on a variety of factors including without limitation the qualifications of the individual applicant for the position years of relevant experience level of education attained certifications or other professional licenses held. This position is also eligible for equity compensation.

#LI-EM1

By submitting your application below you agree that you have read and acknowledge Rent the Runways Candidate Privacy Policy found here.