Director of IT Security

  • San Francisco, CA
  • Full-time

Company Description

A recognized Cosmetics Retail Leader has an urgent opening for a Director of Information Security to do just that. Seeking a visionary leader who can take an already enterprise Information Security Program to the next level.


Job Description

As the IT Director of Security, you’ll be responsible for partnering up with business units, technology groups and the user community to protect the corporate brand, data and assets.

· Designing and implementing the Information Security strategy & 5-year roadmap for establishing and administering policies, goals and procedures for the InfoSec sector.

· Love staying current on information security threats and mitigations? Of course you do; you must, to stay relevant in this fast-moving market. 😊

· Responsible for making sure that the design, development and implementation processes adhere to security best practices.

· Continuously develop and refine internal security standards with your team.

· Managing the Information Security Incident Response Program.

· Promoting information security awareness within the organization

· Managing security assessments and penetration tests across the various platforms, both manually and through automated tools, to ensure the security of applications, systems and networks.

· Assisting with ongoing and future Compliance initiatives throughout the business

· Focusing resources on achieving short-term benefits while building long-term solutions in alignment with a well-defined and well-communicated data security and governance strategic roadmap

· Analyzing the results of vulnerability assessments and code reviews, creating reports based on that analysis and advising responsible teams on vulnerabilities, risks and recommended mitigation

· Solid experience with architectures and latest trending tools that aid the security landscape including the technology stack, retail, dotcom and core systems.

· Managing the growing Information Security team and developing the team members

Qualifications

· 8+ years of information security industry experience

· Experience identifying Information Protection needs and defining System Security Requirements; designing System Security Architecture; developing detailed Security Designs and Standards

· Experience managing network penetration testing, anti-malware planning assistance, risk analysis and incident response programs.

· Experience managing and growing Information Security teams, including developing team members

· Demonstrated experience applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resulting security risk analysis.

· Experience in evaluating project needs, determining tasks, duration and allocating resources.

Highly Desired

Additional Information

All your information will be kept confidential according to EEO guidelines.