Sr. Director, IT Security
Job Description
Serving the needs of all families with young children, Carter’s Inc. is the largest North American apparel retailer exclusively for babies and young children, encompassing Carter’s, OshKosh B’gosh, Skip*Hop and Little Planet brands. Meaningful work, constant learning, genuine people, and a community guided by core values that promote inclusion and innovation is in everything we do. There are many reasons to build your career at Carter's.
HOW YOU'LL MAKE AN IMPACT
This role is responsible for establishing, maintaining and overseeing the enterprise-wide vision, strategy, architecture, policies and programs to ensure information assets are protected, while maintaining an understanding of, and managing, the risks and challenges facing the company and the retail industry. This role will ensure information technology (IT) systems, networks, and internal and external computing environments are secure, and that security and business continuity risk/reward decisions are balanced and comply with regulatory and legislative requirements. He/She will create an information privacy and security-conscious culture across the organization. This position will develop and implement information security initiatives and security frameworks; conduct and oversee security operations for the ongoing protection of the Carter’s global environment; monitor and audit compliance with regulatory and internal standards; and lead investigations related to policy violations, security breaches, and computer crimes.
Directs and manages the activities and personnel of the Information Security Services Team, including focus on the following capabilities:
IT Policies, Risk, & Compliance - 25%
Oversees the development, implementation, and maintenance of global security policy, enterprise security standards, guidelines and procedures for appropriate risk mitigation and to support regulatory or industry compliance (e.g. SOX, PCI, HIPAA)
Serves as an expert advisor to executive leadership, Board of Directors, and Audit Committee in the development, implementation, and maintenance of a strong information privacy and security program and infrastructure, including network access and monitoring policies
Develops policies and procedures to ensure physical safety of employees and visitors; Creates workplace violence awareness and prevention programs, as required, in partnership with Facilities Management or corporate/enterprise Risk Management teams
Collaborates with Legal Counsel and Internal Audit on compliance, security, and privacy practices, processes, procedures, and protocols; monitors and reports statuses, and actively participates in audits or reviews as required
Maintains relationships with local, state and federal law enforcement and other related government agencies in support of security program and roadmap, with partnership and direction from Legal Counsel
Must be able to interact effectively with applications teams, peers, and management staff to create application security processes and protocols
Must be able to develop, manage and maintain the proposed capital and operating budget for the IT Security, Risk, and Compliance department. Will conduct ongoing budget control through budget review and approval processes, and monitor departmental performance
Be engaged with and understand the business environment, projects, considerations, and constraints in implementing all policies and associated technologies
Security Operations Management - 35%
Be responsible for 24/7 security monitoring and threat detection/prevention for the organization
Develop and report on security operations dashboards, metrics and KPIs relevant to understanding and improving Carter’s security capabilities and defense levels
Foster and manage the relationship with the 3rd party MSSP/SOC provider to establish a true partnership with Carter’s organization
Security Engineering - 40%
Accountable to develop, implement, integrate, and maintain the security strategy and roadmap, including security tools and technologies.
Provide leadership and management oversight for security tool deployment and implementation, including applicable hardware, software, firewalls, intrusion detection systems, security event management systems, anti-virus and malware solutions, cryptography systems, access control systems, or any other device or solution required for enterprise cyber and systems protection and monitoring.
Develops emergency procedures and incident response protocols; acts as the control point during significant privacy and security incidents
Understands potential threats, vulnerabilities, and control techniques. Monitors the network of vendors and employees to ensure the safeguarding of information assets
Investigates security breaches, communicates to appropriate executive management and local information privacy and security leadership, and pursues associated legal protocols in relation to any security investigation, incident, or security breach
Conducts periodic penetration testing and security audits; establishes risk assessment criteria and methodology
Builds and sustains strong relationships with Carter’s functional and technical teams and serves as a trusted advisor on security related matters for the organization
Chairs the Information Governance and Privacy Committee; serves on the Compliance Committee and Risk Management Committee, representing Information Systems as directed by their supervisor
Supervisory/ Budgetary/ External Communication Responsibility
Manages a multi-functional team of 7 - 10 to include security engineering, security operations, and IT risk and compliance
Manages a Managed Security Services Provider (or co-managed security provider) to augment team’s ability to monitor and manage IT security events and manage security operations
Manages a significant operational and capital budget for security
Required to communicate with Board Members and Audit Committee Members on general security updates. Required to brief internal and external groups (auditors, law enforcement, etc.) in the event of security incidents or breaches.
Secondary Functions
Understands and supports the Company’s goals and objectives, and makes certain that his/her actions and decisions are consistent with them.
Keeps his/her supervisor informed of all matters of importance and particularly those instances where deviations from planned results are likely to occur.
Performs other responsibilities and duties as assigned by his/her supervisor.
We’d love to hear from you if: (Requirements section)
Must have:
Proven experience in planning security strategy and IT security projects for a multi-billion organization
Must have strong knowledge of industry best practices, laws, frameworks, and compliance standards related to data privacy and protection
Requires successful experience in at least three of the following domains: application security; security technologies and products; security engineering; security analysis and investigations; risk assessment and management; disaster recovery; IT SOX auditing
In-depth knowledge of platform operating systems, including Windows, Linux, and Unix
Experience with Wide Area Network/Local Area Network/Wireless Network, TCP/IP and related protocols
Strong knowledge of intrusion detection and prevention techniques
Deep knowledge and understanding of SOX, PCI, and other compliance standards
Proven experience leading committees or sub-committees related to security, compliance, privacy, or risk in the organization
Understands DR planning and execution, and is able to influence IT infrastructure, IT application, and business owners on DR planning and practices.
Must have very strong written and verbal skills and executive presence to interact effectively with all levels of leadership, board members, IT staff, vendors, auditors, third-party business application providers, and other parties impacting the company’s security state
Experience with Managed Service providers in relation to providing security services, including establishing protocol, measuring provider metrics, understanding contractual agreements, and general day-to-day monitoring and operational expectations
Ability to effectively prioritize and execute tasks in a high-pressure environment
Preferred skills and experience:
Prior successful experience as the Information Security leader in a multi-billion organization highly desirable
Bachelor’s degree and 10+ years of IT experience, with at least 5 of those years in a leadership role in information security, preferably in the retail industry
At least 3 years of direct hands-on experience or direct management of firewall administration, intrusion detection systems, data encryption software, security information and event management systems, and working knowledge of switches and routers
A Certified Information Systems Security Professional (CISSP) or equivalent certification from a recognized professional organization such as the International Information System Security Certification Consortium ((ISC)²), Global Information Assurance Certification (GIAC), or Information Systems Audit and Control Association (ISACA)
Prior work experience managing an MSSP vendor relationship
OUR Team Members:
Lead Courageously: Have a strong sense of personal values that align with our Company values
Collaborate Broadly: Build cooperation and trust, and thrive in a consensus-driven environment
Customer Focus: Proactively seek opportunities to leverage data and fact-based insights to serve customers and/or internal clients
Drive Growth: Set aggressive goals and implement plans precisely
Cultivate Innovation: Respectfully challenge the "we’ve always done it this way" mentality and explore new ways to achieve desired outcomes
Make a career at Carter’s:
Career Development: Success starts from within, and we have several paths from which you can choose to enhance your career evolution. From Carter’s University to Toastmasters to mentorship programs and more, we encourage you to utilize these tools to elevate your professional prowess.
Carter’s is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by federal, state, or local law.
Application Instructions
Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!