The Director, Information Security plays an integral role in the leadership and development of the Information Security team and is responsible for securing customer, employee, and corporate data within Torrid. Specifically, this leader and their team are responsible for monitoring and reporting on the security health of Torrid's data systems, implementing and administering all cyber security technologies, delivering key cyber risk metrics to stakeholders at all levels of the company, maintaining data regulatory compliance, and defining data security policies and guidelines. In addition, this leadership role will lead Torrid's Business Continuity and Disaster Recovery program.
What you'll do...
Build and lead key security roles within Torrid, including: Data Security Compliance, Security Operations, Security Engineering, and DevSecOps
Build and guide the Information Security team in developing individual skillsets to maximize personal growth and team success
Ensure Torrid is compliant with all data compliance requirements, including SOX, CCPA, GDPR, ADA and PCI
Develop and maintain Torrid's Cyber Incident Response Plan, ensuring all required participants are trained in response protocols
In partnership with Torrid's Information Technology teams, ensure that critical business systems are resilient to cyber events
Work alongside other Torrid teams to identify areas of cyber risk to the organization and assist with reducing those risks to acceptable levels
Define, direct, and oversee the execution of security processes in the areas of intrusion prevention, security event monitoring/SIEM, vulnerability management, privileged access management (PAM), web filtering, and VPN
Recommend security solutions that drive improvements in the capability and functionality of the cyber security program
Serve as a subject matter expert providing advisory services related to Torrid's security architecture strategy, as well as security requirements for all internal and external business partners
Establish, monitor, evaluate, and report key performance and risk indicators (KPIs and KRIs) to provide leadership with accurate and timely information regarding the effectiveness of the information security strategy
Develop DevSecOps functions within Torrid and ensure code development is aligned with industry best practices
Manage the gathering and analysis of Torrid's security data to ensure actionable information is available and acted on in accordance with defined SLAs
Define third-party data security requirements and perform cyber risk assessments of Torrid's current and prospective third-party vendors, ensuring all appropriate controls are applied
Maintain a roadmap for the development of security architecture and standards
Ensure that the Global Security Strategy is meeting the security and privacy needs of internal and external customers
Provide strategic and tactical security guidance for new and existing technical solutions
Communicate and promote the awareness of information security, information risk, and privacy to business units, customers and partners
Provide direct leadership of security projects to improve operational efforts
Participate in on-call support and issue escalation, as needed
Develop, oversee, and regularly test IT disaster recovery procedures to assure business continuity for both central and distributed systems and services
What you'll need...
5-7 years' experience in a Cyber Security leadership role reporting directly to the CIO or CTO.
10 years' experience operating, monitoring and enforcing security policies, standards, tools, controls and systems in large scale organizations where you directly managed employees.
Prior experience with PCI compliance in a retail organization and with implementing the NIST Cybersecurity Framework.
Deep understanding of the Payment Card Industry Data Security Standard (PCI DSS), ISO 27001/27002, SSAE 16, COBIT, ITIL, Personally Identifiable Information (PII) handling requirements, the NIST Cybersecurity Framework, and other regulatory compliance, privacy standards, and legislation.
Broad understanding of Networking Protocols, NetFlow, Routing, DNS, Firewalls (Palo Alto Networks and Cisco ASA), Wireless, Operating Systems (including Windows, macOS, and Linux), Virtualization (VMware ESX), Databases (MS SQL, Oracle, MySQL), Payment Applications, Retail Operations and Processes (Oracle ORPOS and XStore), Cryptography, PKI, Patch Management, Scripting, Mobile Device Management, and Disaster Recovery
Educational knowledge or work experience with behavioral analytics technologies
Proficiency in managing onshore/offshore teams and large scale projects
Proficiency in establishing and maintaining effective working relationships with employees, business partners and third party vendors.
Excellent verbal and written communication skills for technical and non-technical audiences at all levels of the organization, including executives, business stakeholders and IT team members
Strong understanding and/or experience with Security Information and Event Management (SIEM), Vulnerability Management, Penetration Testing, Authentication Methods, Identity and Access Management (IAM), Anti-Malware and Malware Analysis/Remediation, Intrusion Detection and Intrusion Prevention (IDS/IPS), Web Application Firewalls, File Integrity Monitoring (FIM), Incident Response/Forensics, Physical Access Controls and Security Best Practices
A "breaker" mindset. You ask, "How are things NOT supposed to work?"
Great attitude and strong work ethic
High level of creativity, quick problem-solving capabilities and strong analytical skills
High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
Must be a critical thinker with strong problem-solving skills
Ability to work on multiple projects and meet deadlines by setting priorities with work projects
Ability to establish and maintain effective working relationships with coworkers and clients
High degree of initiative, dependability and ability to work with little supervision.
Fluent written and spoken English
BA/BS degree in Computer Science, Information Security or equivalent mix of education and experience
Master's or other advanced degree in Cyber Security preferred
Professional security management certifications, such as GIAC (Global Information Assurance Certification) credentials, Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), Certified Information Security Manager (CISM), AWS Certified Security - Specialty, Palo Alto Networks Certified Network Security Administrator (PCNSA), or other similar credentials desired.
What you'll get...
Our open floor plan allows for a creative, collaborative and fun environment.
A competitive benefits package including medical, dental, vision, 401k and paid time off.
Additional perks like a generous employee discount, access to employee-only sales, café, masseuse, gym, fitness and yoga classes, basketball court, and more.
Can't forget Thirsty Thursdays during the summer!