As a key member of JD Finish Line’s IT Leadership Team, the Director of Cyber Security is responsible for developing, executing and administering the JD Finish Line IT security strategy and program plan. The scope of the program is company-wide, with the purpose of protecting the company’s information and infrastructure from external or internal threats and assuring the company complies with statutory and regulatory requirements regarding information access, security and privacy. The Cyber Security Director will initiate, implement and develop information security and remove programs in accordance with organizational information security standards, as well as promote security awareness throughout the organization. Serving as a key partner to the business, this position collaborates with department leaders to define how IT can align, support and enable the business. This leader will effectively exhibit JD Finish Line’s core values of Customer, People, Winning, Community, and Financial Responsibility in everything they do by performing the following main duties:
- Leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security.
- Manage the development and deployment of information security policies, standards and procedures.
- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance with internal security policies and applicable laws and regulations.
- Liaise with and offer strategic direction to business partners on information security matters such as routing security activities plus emerging security risks and control technologies.
- Develop, maintain and enhance incident reporting and response activities enabling efficient security operations.
- Ensure secure practices when we engage 3rd party/external vendors.
- Provide leadership insights as a contributing team member of the IT leadership team in defining and deploying security best practices. This leadership role will require maintaining current knowledge of security trends and threats and translating this into meaningful changes in the company’s systems and procedures.
- Ability to manage budgets, maintain forecasts, develop and present business cases.
- Inspire, lead and coach a diverse team of security and compliance professionals.
- Liaise with legal/compliance partners, as well as our business units, to ensure secure operational and solutioning practices related to new or existing initiatives.
- Extensive knowledge of: NIST, CIS, SOX and PCI-DSS
- Develops and enhances cyber security management along with control frameworks based on industry standards to measure efficiency/effectiveness of the program, facilities, and appropriate resource allocation while increasing the maturity of security.
- Deep knowledge of cyber security technologies, compliance and regulatory matters, information governance and privacy best practices.
- Strong executive presence and communication skills with experience interacting with senior “C-suite” executives.
- Additional duties and projects as required.
Qualifications:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Required Education and/or Experience: Bachelor’s degree (B.A.) from a four-year college or university and at least 8 - 10+ years of applicable experience in IT technical roles such as information security, IT architecture, development or operations, with a clear and abiding interest in information security; or an equivalent combination of education and experience. Must possess at least 7 years working experience in the Information Security function. Information security management qualifications such as CISSP or CISM required. Detailed knowledge of cloud-based controls - SOC 1 controls, preventive controls, corrective controls and risk mitigation - is required.
- Technical Skills: Should have intermediate knowledge and abilities with Microsoft Word, Excel, PowerPoint and Access as well as a working understanding of functions and relationships of information in PeopleSoft/Oracle system or other key retail applications. High-level knowledge of networks, data center, desktop management and data interchange is required.
- Communication Skills: Ability to read and understand documents such as operating instructions, government forms, procedural manuals. Ability to write routine reports and business correspondence. Ability to effectively present information and effectively respond to questions via telephone, email, written communications, and in person.
Physical Demands:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Sit for more than 6 hours per shift
- Use hands to finger, handle and feel
- Reach with hands and arms
- Talk and/or hear
- Stand for up to 2 hours at a time periodically
- Walk or move from one location to another
- Occasionally may need to climb, balance, stoop, kneel, or crouch
- Lift and/or move up to 10 pounds regularly and up to 25 pounds occasionally
- Punctuality and regular attendance consistent with the company’s policies are required for the position.
- Average work week is 45-50 hours, which can vary depending on business need.
- The work environment for this position is a moderately noisy office setting.
The company reserves the right to modify this job description with or without notice. Employees may be asked to perform additional duties outside of normal job scope on a temporary basis per the company policy.