Manager Information Security

Carter’s, Inc. is the largest branded marketer in North America of apparel exclusively for babies and young children. The Company owns the Carter’s and OshKosh B’gosh brands, two of the most recognized brands in the marketplace. These brands are sold in leading department stores, national chains, and specialty retailers domestically and internationally. They are also sold through more than 1,000 Company-operated stores in the United States, Canada, and Mexico and online at www.carters.com, www.oshkosh.com, www.cartersoshkosh.ca, and www.carters.com.mx. The Company’s Child of Mine brand is available at Walmart, its Just One You brand is available at Target, and its Simple Joys brand is available on Amazon. The Company also owns Skip Hop, a global lifestyle brand for families with young children. Carter’s is headquartered in Atlanta, Georgia. Additional information may be found at www.carters.com.

Baby Clothing, Kids Clothes, Toddler Clothes | Carter's

Shop for baby clothing, baby necessities and essentials at Carters.com,  the most trusted name in baby, kids, and toddler clothing. Shop our selection of cute baby & kids clothing.

Carter's is seeking a new leader on our security team!

The Manager of Information Security Operations reports to the Senior Manager, Information Security, and is responsible for contributing to a stable, secure computing environment.  This position is a hands-on management position, and also provided oversight of the security incident & event management program, security operations center, threat and vulnerability management, and endpoint detection services.  This position will supply guidance and management to information security analysts.

This position is also responsible for researching, interacting, coordinating, and recommending present and future information security solutions with competent vendors who provide information security products and services.

This role typically reports to the Senior Manager, Information Security, has 1 direct report, and is based in our Buckhead office with a hybrid work environment.

Breakdown of How You’ll Make an Impact:

 IT Policies, Risk, & Compliance - 20%

• Partner with Senior Manager to serve as advisor and support executive leadership, Board of Directors, and Audit Committee in developing, implementing, and maintaining a strong information security program and related policies.

• Collaborates with Legal Counsel, Internal Audit on compliance, security, and privacy practices, processes, and procedures; Actively participates in audits or reviews as required.

• To create application security processes and protocols, you must be able to interact effectively with applications teams, peers, and management staff.

• Contribute insight and support to effectively manage the proposed capital and operating budget for IT Security department. Will conduct ongoing budget input through budget review and approval processes and monitor departmental performance.

• Be engaged with and understanding of the business environment, projects, considerations, and constraints in implementing all policies and associated technologies

• Contribute to the strategic, long-term information security strategy and roadmap with Senior Manager - Information Security and other team members to ensure that the company’s information assets are adequately protected

• Develop security operations metrics including threat and vulnerability management, endpoint technology and general security operations center effectiveness metrics with the aim of increasing the maturity of the program over time

• Participate in incident response planning and the investigation of security breaches; contribute to the incident response plan revisions

• Build and sustain strong relationships with Carter’s functional and technical teams and serves as a trusted advisor on security

Security Operations Management - 60%

• Responsible for 24/7 security monitoring and threat detection/prevention for the organization

• Actively partner with SIEM, SOC, Endpoint and Vulnerability Scanning vendor partners to ensure Carter’s is utilizing full current feature sets and understands the roadmap of vendor partners

• Oversee reporting for security operations dashboards, metrics and KPIs with the intent of improving Carter’s security controls

• Manage various threat intelligence feeds and report to the security team the threats specific to the retail industry (I.e., Anomaly and RH-ISAC)

• Participate in investigations of suspected information security misuse or compliance reviews as requested; communicate unresolved security exposures, misuse, or noncompliance to management.

• Research and consult with key technology suppliers and industry consultants to evaluate, select, install, and configure hardware and software systems that provide appropriate security functionality

• Develop, mentor, and manage a high-performing team of security analysts

• Provide input on emergency procedures and incident response protocols; acts as the conduit between SOC and internal incident response team

• Manage the reporting of potential threats, vulnerabilities, and recommended security controls

Security Engineering - 20%

• Provide technical leadership and oversight for security tool deployment and implementation; mainly focused on security incident and event management, security operations, endpoint detection, and vulnerability scanning tools and services

• Actively participate in technical support and configuration of security tools and services, focused on SIEM, Endpoint Detection, SOC, and Threat and Vulnerability Management tools.

• Investigates security incidents, communicates to appropriate management and information privacy and security leadership, and follows associated legal protocols related to security investigation, incidents, and/or security breaches.

We’d Love to hear from you if:

• 7+ years’ IT experience required.

• Management experience, preferably in the retail technical industry.

• 3 years of direct hands-on experience in various information security technologies including, but not limited to, firewall administration, intrusion detection systems, data encryption software, security information and event management systems, threat feeds, email security, web isolation technology and endpoint detection and response tools.

• Bachelor’s Degree in computer science or related field, preferred.

• Manage a multi-functional team of information security analysts.

• Manage a security operations center (or co-managed security provider) to augment the team’s ability to monitor and manage IT security events and operations.

• Contribute to budget accuracy by providing insight into security operations changes that may impact the information security budget and forecast.

• Are comfortable briefing senior management on details regarding incidents and information security investigations.

• Are experienced in updating your supervisor informed of all matters of importance, particularly instances where deviations from planned results are likely to occur.

• Must have general knowledge of industry best practices, laws, frameworks, and compliance standards related to data privacy and protection

• Requires experience in at least most of the following domains: endpoint technology; security operations centers; threat and vulnerability management tools; threat detections services, and security incident and event management tools/services; security analysis and investigations

• In-depth knowledge of platform operating systems, including Windows, Linux, and Unix protocols

• Must have very strong written and verbal skills and influence to interact effectively with all levels of leadership, IT staff, vendors, auditors, third-party business application providers, and other parties impacting the company’s security state

• Experience with managed service providers in relation to providing security services, including establishing protocol, measuring provider metrics, understanding contractual agreements, and general day-to-day monitoring and operational expectations

• Open to travel between various Carter's offices (Buckhead, Fayetteville, Braselton, etc.) and other locations as needed

OUR Team Members:

• Lead Courageously: Have a strong sense of personal values that align with our Company values

• Collaborates Broadly: Build cooperation, trust, and thrive in a consensus driven environment

• Customer Focus: Proactively seek opportunities to leverage data and fact-based insights to serve customers and/or internal clients

• Drive Growth: Set aggressive goals and implement plans precisely

• Cultivates Innovation:  Respectfully challenge the "we’ve always done it this way" mentality and explore new ways to achieve desired outcomes

Make a career at Carter’s:

• Career Development: Success starts from within, and we have several paths from which you can choose to enhance your career evolution. From Carter’s University to Toastmasters to mentorship programs and more, we encourage you to utilize these tools to elevate your professional prowess.

Carters is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by federal, state, or local law.