CISSP Jobs - Director, Information Security Threat Management, 12854

at Gamestop, Inc.
Location Grapevine, TX
Date Posted January 12, 2019
Category Default
Job Type Full-time

Description

Working independently and strategically, the Information Security Threat Management Director leads the enterprise Information Security Threat Program responsible for the concepts, processes and technologies protecting organizational, employee and customer data assets. The Information Security Threat Management team provides delivery and operation of vulnerability management services across all business lines. This role also oversees GameStop's Cybersecurity Operations Center (CSOC). The Cybersecurity Security Operations Center (CSOC) Team duties (whether in-house or provided through a sourcing partner) performs monitoring and in-depth information security analysis of potential incident. The GameStop Cyber Incident Response Team (GSIRT) will provide incident response services for the enterprise. The team proactively coordinates with other departments and external vendors regarding events and initiatives impacting information security. As a strategic leader, he or she must consult frequently across the enterprise with multiple lines of business and technology teams to provide high quality solutions and services that are focused on improving GameStop's risk posture. All routine and most non-routine activities may be undertaken without prior supervisor authorization. The role is generally characterized by high levels of scope, technical and relational complexity, and a high level of independent decision making.

ESSENTIAL JOB DUTIES AND RESPONSIBILITIES*

• Directs the enterprise Cybersecurity Threat Management Program including incident response, security monitoring, and vulnerability management operations.

• Oversees planning, and service delivery required to secure large scale, high-volume environments supporting multiple retail channels and vertical lines of business

• Directs the planning, design, operation and continual improvement of the Cybersecurity Operation Center and GCIRT capabilities

• Defines and establishes Security Threat Management strategic planning goals and objectives

• Develops business case justifications and cost/benefit analysis for IT spending and initiatives

• Acts as an owner for the enterprise security incident response plan

• Assesses and facilitates the communication of risks associated with procedures, staffing, and investments

• Facilitates the review of security-related hardware, software and services acquisition, maintenance contracts and pursues master agreements to capitalize on economies of scale

• Remains abreast of emerging trends and best practices within the community of information security professionals; seek and leverage best practices from other non-competing organizations as frequently as possible

• Collaborate with other technology teams or 3rd parties to drive remediation of IT risks identified by internal and external assessments

• Develop and provide metrics related for goals and project reporting

• Manage relationships in a manner acceptable to others and to the organization; adhere consistently with all organizational policies related to our respectful workplace

• Manage financial forecasts and estimates for capital and operating expenses

• Manage support, maintenance and subscription renewals for cybersecurity operations technology

• Demonstrate a consistent commitment to field-focused service by prioritizing field-based requests, responding quickly and favorably to field-based feedback, by minimizing tasks, and proactively seeking ways to help store teams focus on customer service as productively as possible

• Work collaboratively with others within and outside of his or her function to achieve goals, simply processes, reduce costs, prevent loss, and to ensure that work is completed safely, accurately, and on time

• Responsible for adhering consistently with all employment policies as stated in the employee handbook provided or as provided by his or her supervisor

• Model the behaviors expected of all GameStop leaders including, but not limited to, a drive for results, with a demonstrable bias for action; high levels of emotional intelligence, maturity, and professionalism; giving, receiving and responding to feedback effectively; a consistently high service orientation; and demonstrable commitments to diversity, inclusion, a respectful workplace, and integrity

• Drive outstanding business results through traditional management functions including, but not limited to, sourcing and selecting talent, coaching and development, workforce and project scheduling, performance assessment, and general talent planning

• Create a productive, collaborative work environment by developing a common vision, setting clear objectives, facilitating teamwork, recognizing and rewarding outstanding performance, encouraging risk tolerance, and maintaining open communications.

• Build organizational capability through continuous improvement activities; originate action to improve existing conditions and processes; identify improvement opportunities, generate ideas, and implement solutions

• Identify, track, and report meaningful performance/progress metrics, and support the team with achieving performance goals

• Actively build the capability of others through relevant, timely balanced feedback; coaching and teaching, encouraging mentoring relationships; and using recognition and rewards to reinforce desirable behaviors

Related Competencies

Technological Ideation - Profitably and creatively anticipating, evaluating, and monetizing emerging technological and business opportunities within a rapidly evolving competitive landscape

Emotional Intelligence - Leveraging high levels of self-awareness, self-management, social awareness and relationship management, capacity to manage behavior, navigate social complexities and make personal decisions to achieve positive results

Navigating Complexity - Proactively and quickly making sense of complex issues; responding effectively to complex and ambiguous situations; communicating complicated information simply

Building Strategic Trusting Relationships - Using appropriate interpersonal styles to establish effective relationships with customers and internal partners; interacting with others in a way that promotes openness and trust and gives them confidence in one's intentions

BASIC AND PREFERRED QUALIFICATIONS (EDUCATION and/or EXPERIENCE)

• Bachelor's degree from an accredited program in information systems or related field, or equivalent experience required

• 10+ years of information security industry experience required, including a minimum of 3 years at a Senior-manager level required

• 5+ years of process and/or tool deployment and management activity, preferably in the information risk space required

• 5+ years of cyber security monitoring and incident response experience required

• CISSP required

MINIMUM QUALIFICATIONS, JOB SKILLS, ABILITIES

• Expert knowledge of security best practices in large-scale environments

• Demonstrated expertise in managing cybersecurity incidents through the incident response lifecycle

• Demonstrated expertise with the following CISSP domains: access control, application development security, cryptography, information security governance and risk management, legal regulations/investigations/ compliance, operations security, physical/environmental security, security architecture/design and telecommunications/network security

• Demonstrated expertise with the following security areas: GRC, SIEM, VPN, PKI, vulnerability management, access management, firewalls, DLP, forensics, malware analysis and incident response

• Expert knowledge of relevant information security standards and frameworks including ISO, NIST, SANS, etc.

• Proficient knowledge of regulatory controls including: PCI and SOX

• Proficient knowledge of identifying technology-related risks, developing mitigation steps, and implementing remediation

• Ability to apply strict discretion to sensitive situations

• Proficient ability to generate reports for executive leadership consumption

• Proficient analytical and organizational skills to optimize processes and procedures

• Proficient project planning skills, including the ability to organize, prioritize and control job responsibilities to meet deadlines in an environment with overlapping and potentially conflicting priorities

• Proficient ability to communicate effectively with others using spoken and written English

• Proficient ability to work collaboratively with others; conduct working relationships in a manner acceptable to others and to the organization

• Proficient ability to remain effective under stress, and respond to pressure in a manner acceptable to others and to the organization

• Proficient knowledge of Windows-based business computers and Microsoft Office programs; specifically, Access, Excel, Outlook, PowerPoint and Word

  • Demonstrated ability to model customer-focused behaviors leading to outstanding customer experiences
  • Consistently demonstrates a commitment to GameStop policies and procedures, including but not limited to, attendance, confidentiality, conflict of interest, and ethical responsibilities