Director of Information Security
Hot Topic HQ - City of Industry, California - Full-time
The Director of Information Security plays an integral role in the leadership and development of the Information Security team and is responsible for securing customer, employee, and corporate data within Hot Topic. Specifically, this leader and their team are responsible for monitoring and reporting on the security health of Hot Topic's data systems, implementing and administering all cyber security technologies, delivering key cyber risk metrics to stakeholders at all levels of the company, maintaining data regulatory compliance, and defining data security policies and guidelines. In addition, this leadership role will lead Hot Topic's Business Continuity and Disaster Recovery program.
WHAT YOU'LL DO:
- Build and lead key security roles within Hot Topic, including: Data Security Compliance, Security Operations, Security Engineering, and DevSecOps
- Build and guide the Information Security team in developing individual skillsets to maximize personal growth and team success
- Ensure Hot Topic is compliant with all data compliance requirements, including SOX, CCPA, GDPR, ADA and PCI
- Develop and maintain Hot Topic's Cyber Incident Response Plan, and ensure all required participants are trained in response protocols
- In partnership with Hot Topic’s Information Technology teams, ensure that critical business systems are resilient to cyber events
- Work alongside other Hot Topic teams to identify areas of cyber risk to the organization and assist with reducing those risks to acceptable levels
- Define, direct, and oversee the execution of security processes in the areas of intrusion prevention, security event monitoring/SIEM, vulnerability management, privilege access management, web filtering, and VPN
- Recommend security solutions that drive improvements in the capability and functionality of the cyber security program
- Serve as a subject matter expert providing advisory services related to Hot Topic's security architecture strategy, as well as security requirements for all internal and external business partners
- Establish, monitor, evaluate, and report key performance and risk indicators (KPIs and KRIs) to provide leadership with accurate and timely information regarding the effectiveness of the information security strategy
- Develop DevSecOps functions within Hot Topic and ensure code development is aligned with industry best practices
- Manage the gathering and analysis of Hot Topic's security data to ensure actionable information is available and responded to in accordance with defined SLAs
- Define 3rd party data security requirements and perform cyber risk assessments of Hot Topic's current and prospective 3rd party vendors, ensuring all appropriate controls are applied
- Maintain a roadmap for the development of security architecture and standards
- Ensure that the Global Security Strategy is meeting the security and privacy needs of internal and external customers
- Provide strategic and tactical security guidance for new and existing technical solutions
- Communicate and promote the awareness of information security, information risk, and privacy to business units, customers and partners
- Provide direct leadership of security projects to improve operational efforts
- Participate in on-call support and issue escalation, as needed
- Develop, oversee, and regularly test IT disaster recovery procedures to assure business continuity for both central and distributed systems and services
WHAT YOU'LL NEED:
- 5-7 years' experience in a Cyber Security leadership role reporting directly to the CIO or CTO.
- 10 years' experience operating, monitoring and enforcing security policies, standards, tools, controls and systems in large scale organizations where you directly managed employees.
- Prior experience with PCI compliance in a retail organization and implementing a NIST cybersecurity framework.
- Deep understanding of Payment Card Industry (PCI) Data Security Standard (DSS), ISO 27001/27002, SSAE-16, COBIT, ITIL, Personally Identifiable Information (PII), NIST Cyber Security Framework, and other regulatory compliance, privacy standards, and legislation.
- Broad understanding of Networking Protocols, Netflow, Routing, DNS, Firewalls (Palo Alto Networks and Cisco ASA), Wireless, Operating Systems (including Windows, MacOS, and Linux), Virtualization (VMware ESX, Nutanix), Databases (MS SQL, Oracle, MySQL), Payment Applications, Retail Operations and Processes (XStore), Cryptography, PKI, Patch Management, Scripting, Mobile Device Management, and Disaster Recovery
- Educational knowledge or work experience with behavioral analytics technologies
- Proficiency in managing onshore/offshore teams and large scale projects
- Proficiency in establishing and maintaining effective working relationships with employees, business partners and third party vendors.
- Excellent verbal and written communication skills to technical and non-technical audiences of various levels in the organization
- Strong understanding and/or experience with Security Information and Event Management (SIEM), Vulnerability Management, Penetration Testing, Authentication Methods, Identity and Access Management (IAM), Anti-Malware and Malware Analysis/Remediation, Intrusion Detection and Intrusion Prevention (IDS/IPS), Web Application Firewalls, File Integrity Monitoring (FIM), Incident Response/Forensics, Physical Access Controls and Security Best Practices
- A "breaker" mindset. You ask, "How are things NOT supposed to work?"
- High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity