Director, Security & Compliance

Edible Arrangements, Atlanta, GA 30301

Posted 2 weeks ago

Director of IT Security and Compliance

Who are we & what do we do?

Fruit was just the beginning. Since our founding in 1999, we've evolved over 25+ years into an industry leader and modern gifting destination for celebrating the moments that matter. In addition to a robust online e-commerce hub, our vast retail footprint includes nearly 1,000 locally owned and operated franchise locations globally.

With offerings that go beyond our iconic fresh fruit bouquets to include baked treats, fresh flowers, dessert boards, platters, and more, our vast collection of delicious treats and innovative gifts are perfect for treating yourself and others.

No matter the occasion or moment, there's an edible for that.

Through all our incredible years, we've remained committed to our 5Ps:

  • Our promise - Experiences that WOW.

  • Our products - Remarkably fresh.

  • Our places - Interactive and creative.

  • Our people - Create special memories.

How you'll make an impact:

  • Manage the company's annual PCI Compliance efforts for the eCommerce sites. This includes working with internal teams as well as outside assessment groups.

  • Work with internal teams to maintain ongoing PCI Compliance.

  • Conduct Vendor Risk Assessments by reviewing the data being provided and security controls of the vendor to ensure Edible's data is being protected.

  • Conduct Internal Audits of corporate processes and provide recommendations and reports.

  • Manage the company's People and Security Awareness Training Programs via an online training platform that includes phishing campaigns, social engineering, and periodic internal security training.

  • Manage and maintain company Policies.

  • Manage relationship with PCI QSA, Pen Testing, ASV, and Managed SOC vendors.

  • Assist with data security and privacy issues, including, but not limited to, the right to delete and right to know requests.

  • Measure and assess information security risk and key performance indicators within IT, including coordinating risk assessments and leading IT control audits.

  • Ensure compliance with corporate security policies as well as regulatory and contractual requirements.

  • Recommend policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment for on-premises as well as cloud-hosted IT applications and infrastructure.

  • Manage audit gaps: identify those within IT, take responsibility for remediating or closing audit findings, negotiate dates for closure, and track/report progress. Identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders while working closely with the security team on priorities.

  • Work closely with the internal compliance team to ensure proper control alignment, adherence, and timely uploads of evidence.

  • Meet with both internal and external auditors to provide relevant evidence during audits and as needed.

  • Work closely with cross-functional stakeholders on Security & Compliance related initiatives and projects.

  • Lead engagements with IT & security vendors for mutual success, acting as an inter-departmental Security consultant on all new vendor evaluations.

  • Implement and develop new security tools and services to empower IT and partner teams.

  • Collaborate with peers to write, review, and provide feedback on security & compliance specifications.

  • Review vulnerability reports and recommend remediation activities.

  • Lead response to security incidents using incident response plans and playbooks.

And here's what we think you're like:

  • Minimum 5 years' experience in Compliance, Security, or Governance.

  • Demonstrable knowledge of general industry best practices and security frameworks, including but not limited to ISO, NIST, PCI DSS, and SOC/SOX audits and controls.

  • Must have experience with PCI 4.0 and leading PCI assessments.

  • CISA, CISM or CRISC preferred but not required.

  • Significant experience working with legal on data privacy and corporate compliance matters.

  • Deep understanding regarding the handling, storage, and maintenance of confidential information and personally identifiable information.

  • Demonstrated ability to work independently and manage multiple projects that require collaboration across functional areas.

  • Attention to detail and ability to carefully proofread all work with superior written and verbal communication, organization skills, and ability to prioritize and execute tasks effectively.

  • Knowledge of and skill in using software, including the Microsoft Office suite and Adobe.

  • Ability to manage multiple priorities and deadlines through timely completion.

  • Working knowledge of SIEM, Endpoint Security, Zero Trust, and Cloud Security technologies.

  • A track record for documenting all things and communicating clearly.

What We Offer:

  • Onsite work environment with work-from-home flexibility, fostering collaboration and relationship building with peers, cross-functional partners, and leadership.

  • The stability and resources of an industry-leading company successfully operating for 25 years, with the agility and innovation of a startup, allowing you to make a significant impact and shape our future.

  • Growth & Development - Each team member has a visible and immediate impact on the business, offering abundant opportunities for personal and professional growth as we scale in size and sophistication.

  • Healthcare plans that include health/dental/vision insurance, a 401K plan, company-paid life insurance and short-term disability, flexible spending account options, and more.

  • Paid time off, including sick days and holidays, to support work-life balance.

We are proud to be an EEO/AA employer. Applicants for employment are considered without regard to race, creed, color, religion, sex, sexual orientation, marital status, national origin, age, and disability, status as a veteran, Vietnam Era Veteran, or being a member of the Reserves or National Guard.

