Sr. Manager Information Security Job Listing at Restoration Hardware in Pleasanton HQ, CA
Consumer Products, Retail
Sr. Manager Information Security
Location: CA - Pleasanton HQ (IT)
Department: 967 - IT-DTC Applications
Job Function: Information Technology
Employment Duration: Full Time Only
RESTORATION HARDWARE is one of the fastest growing and most innovative luxury brands in the home furnishings marketplace. We believe our brand stands alone and is redefining this highly fragmented and growing market. Restoration Hardware is positioned as a lifestyle brand and design authority, offering dominant assortments across a growing number of categories, including furniture, lighting, textiles, bathware, decor, outdoor and garden, as well as baby and child products. Our business is fully integrated across our multiple channels of distribution, consisting of our stores, catalogs and websites, www.restorationhardware.com and www.rhbabyandchild.com.
In everything we do, our philosophy is simple: We want to surround ourselves with what we love. We want to inspire laughter as well as thought. This is more than our way of finding and selling products; it's a way of life we highly recommend.
At Restoration Hardware we believe deeply that the “right” people are our greatest asset. We value people with high energy, who possess the ability to energize others. People who are smart, creative and have a point of view. People who see the answer in every problem, versus those who see the problem in every answer. People who are driven, determined, and won’t take “no” for an answer. We value team players, people who are more concerned with what’s right, rather than who’s right.
Restoration Hardware is looking for a Sr. Leader (Manager), Information Security in the Information Technology department. This position will be based in our Pleasanton, CA IT Headquarters.
We believe leaders lead and don't accept the status quo; they don't just "manage" and move things about.
The perfect candidate will have an immediate connection to our Core Values (People, Service, Quality and Innovation). This candidate will be extremely flexible and enjoy a “startup” mentality and environment that changes day to day and will “assume positive intentions” at all times. Candidates who are personable, open to learning, collaborate well with others, have a positive attitude, and are more apt to say “yes” or “we’ll try” (rather than “no” or “that’s impossible”) will be at the top of our list.
Reporting to the VP of Infrastructure and Operations, the Director of Information Security will proactively work with IT and the business to identify security risks and implement practices that meet standards for information security (SOX and PCI-DSS). Additionally, they will address monitoring and reporting practices that are exceptions to policy standards and manage overall risk. The Director of Information Security is responsible for coordinating and leading information security activities across the company & creating a broad-based IT security conscious culture across the company.
The Sr. Leader of Information Security will be charged with implementing a defined Security program & monitoring information technology security practices to ensure information and technology infrastructure is: secure from unauthorized access, protected from inappropriate alteration, physically secure and available to authorized users in a timely fashion. The successful candidate will manage the effectiveness of the company’s information technology security program, including progress on remedial actions.
The Sr. Leader of Information Security will be accountable for five principal functions:
* Information Technology (IT) Risk management
* IT Security policies & Security Compliance – Ownership, process, enforcement across the company & meet Customer security requirements.
* IT Security Awareness
* IT Security Architecture
* Business Continuity Planning and DR
* Providing leadership to the company’s information security needs including implementation of an Information Security Program and related policies, standards, and guidelines; and to the information risk assessment process, including developing and managing the information risk assessment and reporting processes
* Working proactively within IT and business unit management with respect to strategic and tactical plans for information security; working with IT and business units regarding major systems and application changes to help ensure that information security standards and issues are addressed
* Providing leadership to the incident response process, including developing and managing guidelines, and proactively identifying external expertise; providing periodic Information Security Program status reports to senior management as appropriate; promoting information security awareness throughout the institution via training activities in coordination with other training units
* Monitoring and advising management of industry and regulatory changes affecting information security, working proactively to help the company understand and implement appropriate changes such as PCI, SOX, ISO27001 etc. Overseeing a process to monitor information security controls within the Information Technology Operations and the business units for exceptions to established policy standards, security violations, and significant system changes and risk mitigation initiatives; overseeing a process to monitor vendor management oversight required by regulator guidance related to third-party risk
* Partnering with Human Resources, Application Development, Finance, Legal and senior management on processes and issues that relate to information security and protection of information assets; working with outside consultants and regulators on independent security reviews as needed
Job Related Competencies:
* Live and teach Our Core Values, Our Leadership Contract, and Leadership is a Choice.
* In depth understanding of current and upcoming IT security technologies and techniques that cover all levels of IT architecture, including those that affect business processes, data, applications, and network and systems infrastructure, and their effects on a diverse computing environment.
* Knowledge of DR, business continuity planning, auditing, and risk management.
* Extensive knowledge in TCP/IP networking, intrusion detection systems, firewalls, virtual private networks, access controls, encryption techniques, IT security solution deployment strategies and management, and vulnerability assessments.
* Experience with various security monitoring and detection tools like WhiteHat, ArcSight, Qualys, IPS/IDS, Acunetix, etc.
* Ability to organize resources, establish priorities, and lead IT security related systems projects.
* Solid experience in incident response management (IRT), cross-functional coordination, and IT security operations.
* Experience with a broad range of relevant systems platforms security like Windows, Linux, MS Exchange & PCs.
* Proven ability to plan, design, develop, test, implement, and monitor integrated information technology security systems that are aligned with institutional needs.
* Communicate information technology security related concepts to a broad range of technical and non-technical employees at all levels of the institution with the charge to collaborate & build consensus across institutional functions around challenging topics.
* Savvy to work effectively with and coordinate the activities of outside consultants & auditors relative to formal information technology security auditing situations.
* Ability to weigh business risks and enforce appropriate IT security measures.
* Passion for maintaining a high level of knowledge and expertise through formal training, professional networking, and reviewing applicable professional publications.
* Bachelor's degree (B.S.) in Computer Science (Master's degree (M.S.) preferred).
* 10+ years of hands-on experience in information security at various levels, with 5+ years of experience as a Manager of Information Security.
* CISSP (Certified Information Systems Security Professional) is a MUST HAVE.
* Other related security accreditation/certification is preferred.
* Experience in leading & maintaining ISO 27002 Compliance.
* Hands-on experience in PCI Compliance is a MUST.
* Demonstrated experience leading SOX, ISO 27001 Certification, SSAE 16 SOC1, SOC 2 & SOC3 Certifications is preferred.
* Cloud Security Controls experience is desirable.
Restoration Hardware is an Equal Opportunity Employer and does not discriminate against any applicant on the basis of race, color, religion, national origin, gender, marital status, age, disability, sexual orientation, military/veteran status, or any other status protected by Federal or State law or local ordinance.