Manager Information Security & Compliance
This key position within the J. Jill Information Services department reports to the Director, IS Security & Risk Management and combines project management skills and technology skills to lead projects pertaining to Information Security, Disaster Recovery Preparedness, and Compliance (PCI and SOX). The role also provides guidance on future technologies that help retailers stay ahead of these challenges.
- Designs and implements security systems that provide cost effective protection that aligns with business processes and risk tolerance.
- Works with information security leadership and cross-functional teams to develop strategies and plans to enforce security requirements and address identified risks
- Evaluates / recommends technologies that could improve current systems and ensure that plans for security technologies integrate with technical infrastructure
- Project Management – leads projects in the areas of Data Security, Disaster Recovery planning and testing, PCI Compliance, and SOX Audits.
- SOX Compliance – participates in our SOX Audit process and ensures clean audits.
- PCI Compliance – attends training to become an ISA – Internal Security Assessor. Leads technology projects to achieve PCI Compliance and furthermore, achieve a secure network for Card Holder Data. Interacts with J. Jill’s payment processors to define appropriate solutions to regulatory compliance requirements
- Disaster Recovery – owns the planning and leads DR Tests, ideally on an annual basis.
- Data Security Policy – Coordinates with the application and infrastructure teams to administer and update practical policies and standards for information security
- Evaluates and recommends security methodology for new, emerging, or existing technology, such as smart cards and encryption
- Reviews proposals for outsourcing business activities to determine whether security controls would be compromised in the course of outsourcing the proposed activities
- Documents information security incidents and provides analysis of the circumstances enabling or permitting these same incidents to take place
- Conducts security reviews and risk assessments of applications and infrastructure with industry standard tools and methodologies
- Ensures vulnerability scans and internal penetration tests are completed on a regular basis; ensures remediation of critical and high items
- Maintains awareness of up-to-date threats and vulnerabilities and their respective countermeasures
- Stays informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional associations, industry conferences, training seminars, and other information sources
- Demonstrated knowledge of information security concepts and methodologies, as well as a practical understanding of security principles such as authentication, authorization, access controls, and protection strategies.
- Demonstrated experience in computer/network security, operating systems such as Windows, LAN/WAN networking protocols such as TCP/IP, firewalls, IDS/IPS, PKI, and encryption
- Experience in performing a security audit for PCI compliance
- Experience performing external and internal vulnerability and penetration testing
- Demonstrated experience working with information security related risks, as well as regulatory, audit, and compliance requirements, such as PCI
- Experience administering information security programs, including risk assessments and forensics
- Experience with eComm, SaaS and cloud solutions
- CISSP Certification, CISM Certification, and/or CISA Certification
- IT Audit experience
- Bachelor Degree in Computer Science, Information Systems, Engineering, or an equivalent combination of education, training, and experience.
- 6+ years' experience in IT security, disaster recovery preparedness, and compliance in a similar corporate environment
- 3+ years' experience working on medium to large multidisciplinary security/risk projects
- 3+ years' experience in project management OR formal training in project management.
- 3+ years' experience supporting security-based devices (firewalls, intrusion detection systems, port scanners, vulnerability scanners, sniffers, malware management systems, email filters, encryption technology and software)
- 3+ years' experience supporting PCs, operating systems, and peripherals, including server hardening
- 3+ years' experience with configuration and implementation of routers, switches, intranets, and VPNs, including network device hardening