Sr. Director Information Security

Location: Hingham, Massachusetts US

Notice

This position is no longer open.

Job Number: 11591

Position Title: Sr. Director Information Security

External Description:

The Sr. Director is responsible for maintaining and continuing an enterprise-wide vision, strategy, architecture, and a multi-year roadmap to ensure that the Company’s information and data assets are appropriately protected. This Security & Data Privacy leader will ensure compliance with all applicable International, US, Federal and State Laws, directives, policies regarding securing information, and protecting and maintaining of data. This position will oversee the information security & data privacy policies and plans, and will manage the operational processes for monitoring and maintaining information security & data privacy. The Sr. Director, Information Security reports to the CIO and is a member of the IT leadership team.

 

Principal Accountabilities:  

  • Implement and maintain a strategic, long-term information security & data privacy strategy and roadmap to ensure that Talbots information & data assets are adequately protected and maintained.
  • Define security & data privacy policies, practices, training programs and standards, consistent with The Company’s business strategy, that govern security functions associated with information technology systems, networks, applications, voice and data communications, computing services within the enterprise – including employee, vendor and customer use and access to information assets.
  • Monitor Privacy Legislation and where needed create requirements for changes to Talbots systems, processes, and policies.
  • Facilitate, enforce and monitor Privacy policy compliance.
  • Develop, mentor and manage a high performing staff of information security & data privacy professionals.
  • Work collaboratively and cross-functionally with internal business stakeholders & the Chief Legal Officer on the implementation of the information security & data privacy strategy.
  • Be responsible and accountable for maintaining and continuing a strategically sound corporate wide information security program to ensure that information assets are adequately protected, including the oversight and coordination of all information security efforts, ensuring consistency with regulatory and compliance requirements that govern cybersecurity for the enterprise.  This includes but is not limited to: PCI, SOC, ISO, HIPPA and ITIL.
  • Oversee the evaluation, selection and successful implementation of information security & data privacy solutions that are innovative, cost-effective, and minimally disruptive.
  • Maintain and improve business metrics to measure the effectiveness of the security & data privacy program, and increase the maturity of the program over time.
  • Monitor the industry and external environment for emerging threats and advice relevant stakeholders on appropriate courses of action.
  • Continue the processes of assessing risk tolerance, implementing and overseeing appropriate security processes and fostering a security-aware culture in a large corporate environment.
  • Identify, evaluate and report on information security and data privacy risks, practices and projects to the Executive Team up to and including members of the Board of Directors. 
  • Review disaster recovery policies and standards, making recommendations and changes as required; participate in the the development of implementation plans and procedures to ensure that business critical services are recovered in the event of a declared disaster and provide direction and in-house consulting in these areas.
  • Facilitate business alignment and communications by informing the information security steering committee or advisory board.
  • Oversee incident response and investigation of security & data privacy incidents.
  • Collaborate with the Executive Committee and Chief Legal Officer on communication, public relations and legal matters related to security & data privacy incidents.

 

 

Internal and External Relationships:

Internal: Chief Information Officer, Chief Legal Officer, IT leadership team, Executive Committee

External: solution providers

 

Number of Direct Reports and Titles:

 4 – 6 direct reports

 

Education/Experience/Knowledge:

  • Minimum of 10+ years’ experience in a combination of risk management, information security and information technology positions, demonstrating a progressive growth in responsibility up to working in the context of $1.3B revenue company.
  • Bachelor’s Degree in business administration or a technology related field.
  • Knowledge of technological trends and developments in the area of information security and risk management including knowledge of security, risk and control frameworks, such as ISO 27001 and 27002, SANS/CAG, NIST, CobiT, COSO and ITIL.
  • Practiced in project management, financial/budget management, time management and staff management.
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals including knowledge/experience working with outsourced service providers such as MSSPs and cloud platform providers.
  • Experienced with contract and vendor negotiations.
  • Professional certification, such as a CISSP, CISM, CISA or other information security credentials, is preferred.
  • Structured, logical thinker with strong problem-solving skills.
  • High level of personal integrity, and the ability to professionally handle confidential matters with an appropriate level of judgment and maturity.
  • Understanding of cloud, SaaS, and IoT architectures and their implications to information security & data privacy strategies.
  • High degree of initiative, dependability and ability to work both collaboratively and with little supervision.
  • Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this job.  They are not intended to be an exhaustive list of all responsibilities, duties and skills required of personnel assigned to this job.

City:

State:

Community / Marketing Title: Sr. Director Information Security

Company Profile:

Talbots is a leading omni-channel specialty retailer of women's clothing, shoes and accessories. Established in 1947, the company is known for modern classic style that's both timeless and timely, fine quality craftsmanship and gracious service. At Talbots relationships are the key to our business, we hire individuals who bring new ideas to the table, understand smart risk taking and  can enhance an already thriving culture.  With a commitment to offer modern classic style for every body type, through a  full range of sizes, inclusive to every woman in your life.

EEO Employer Verbiage:

Talbots is an equal opportunity employer and welcomes applications from diverse candidates. Hiring decisions are based upon a candidate's qualifications as they relate to the requirements of the position under consideration and are made without regard to race, sex, national origin, color, age, disability, veteran status, pregnancy, sexual orientation, religion, or any other category protected by applicable law. Talbots is committed to providing reasonable accommodations for job applicants with disabilities. If you require an accommodation to perform the essential duties of the position you are seeking or to participate in the application process please contact recruiting@talbots.com. Talbots will make reasonable accommodations for otherwise qualified applicants or employees, unless such accommodations would impose an undue hardship on the operations of the Company’s business.

PositionType_Description: Full Time

Location_formattedLocationLong: Hingham, Massachusetts US

.linkedin link       instagram link       facebook link      twitter link