Location: Hoffman Estates, IL
Date Posted: August 12, 2019
Claire's - A Career that's always in style
IT Security and Compliance Manager Opportunity
About the Role
The Global Information Security and Compliance Manager role spans three core functional areas with a global focus across the enterprise: the information security program, risk management and regulatory compliance. This is a hands-on role; the incumbent is accountable for helping define, create, drive, deliver, manage and maintain the governance architecture, policies, processes, infrastructure and operations of the information security and compliance program throughout the global enterprise. We are looking for an individual with a strong cybersecurity background, demonstrable hands-on information technology skills, experience in enterprise risk management and security controls implementation, and the ability to ensure that information assets and their associated business processes are adequately protected across the enterprise ecosystem. The position requires a strategic, results-driven individual who understands how these three areas must converge to execute the overall information security strategy, and who partners with leadership to design controls and service alternatives that improve our defenses against insider risks and external threats.
* Design, implement and maintain the enterprise's security and compliance governance architecture, systems and processes so that they provide protection aligned with business outcomes and risk tolerance.
* Create, execute and maintain the enterprise's Information Security Awareness training program.
* Create, maintain and periodically test business continuity and disaster recovery plans, processes and runbooks to meet business goals.
* Create and maintain the enterprise's security and compliance documents (policies, standards, baselines, guidelines and procedures) and help ensure their enforcement.
* Design and oversee incident response efforts relating to information security. Perform deep analysis and document the events as well as coordinate response efforts and execute recommended solutions.
* Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
* Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise's existing procurement processes.
* Act as the subject matter expert on all areas relating to PCI DSS, GDPR and the NIST Cybersecurity Framework, while conducting and maintaining ongoing awareness and assessment of security risks to applications and infrastructure using industry-standard tools and methodologies.
* Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions, in accordance with standard operating best practices in general and the enterprise's security documents in particular.
* Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise networks, cloud, workstations, servers, databases, data repositories and other systems.
* Supervise all investigations into suspicious or problematic activity and provide ongoing communication with senior management.
* Ensure that third-parties with access to Claire's data are regularly evaluated for appropriate information security and privacy controls.
* Define and implement standards and processes for backups that are compliant with business practices.
* Supervise the design and execution of vulnerability assessments, penetration tests and security audits.
* Forecast growth in security infrastructure needs for resource and budget planning as well as life cycle management of the infrastructure.
* Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security policies and regulatory requirements.
* Design and perform reengineering of processes and procedures in need of remediation.
* Conduct gap analysis via testing and recommend specific actions to fix gaps in processes and/or process management.
* Design enhancements to internal controls such as segregation of duties, production change management, software management, security, incident handling and transmission integrity.
Qualifications
* Extensive experience in enterprise security architecture, and in policy and process design, implementation, management and documentation.
* Solid knowledge and experience in security areas such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management and web services.
* Solid experience in designing and delivering employee Information Security Awareness Training.
* Experience in developing and executing business continuity and disaster recovery plans.
* Solid knowledge and understanding of security standards, frameworks and methodologies such as PCI DSS, GDPR, NIST and OWASP.
* Excellent business and IT background knowledge, with experience as a business partner and thought leader exhibiting strong execution and delivery skills.
* Knowledge, experience and exposure to advanced information security subject matter including the design, development, testing, implementation and governance of information security practices and solutions.
* Ability to design and implement security systems that provide protection aligned with business processes and risk tolerance.
* Direct knowledge of and exposure to SOX requirements (especially Sections 302, 404 and 409), PCI DSS and the NIST Cybersecurity Framework.
* Solid experience in testing, evaluating, and documenting controls for compliance.
* Solid understanding of assessing and designing internal controls and mitigating measures against external threat vectors in an enterprise-level environment.
* Self-starter: organized, versatile, highly self-motivated and capable of performing work with minimal management oversight.
* Proven analytical and problem-solving skills with ability to exercise sound judgment in complex situations.
* Ability to effectively prioritize and execute tasks in a high-pressure environment.
* Willingness to take initiative and to add value to the organization by generating innovative solutions to business requirements.
* Good written, oral, and interpersonal communication skills and attention to detail.
* Ability to conduct research into Information Security issues and products as required.
* Ability to present ideas in business-friendly and user-friendly language to various levels of stakeholders.
* Strong team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel.
* Bachelor's degree in computer science or a related field and/or 10+ years of equivalent work experience, with 5 or more years in an IT leadership and security role.
* 5+ years of hands-on experience in Information Security, Risk Management, privacy and compliance.
* One or more of the following (or similar) certifications, or a commitment to obtain the (ISC)² CISSP certification within 6 months:
  * (ISC)² CISSP - Certified Information Systems Security Professional
  * GIAC Security Leadership Certification (GSLC)
  * ISACA Certified Information Security Manager (CISM)