Director, Information Security & Compliance
Posted on Apr 5, 2021 by Total Wine & More
We are looking for a Director of Information Security and Compliance to join our Technology team at Total Wine and More. You will provide leadership and strategic direction of IT security administration together with security audit, risk management, and compliance, protecting the data of our customers, team members and organization. You will operate as an internal consulting resource for the enterprise, advocating for security and risk management processes. As a Security leader, you and your team will determine security guidelines, governance, and best practices, working to continuously improve Total Wine's information security program. You will report to the Senior Director of Information Security.
Lead the development and continued maintenance of Total Wine's information security, compliance, and privacy programs observing industry standards such as NIST, COBIT, ISO 27001, PCI-DSS, and CCPA
Provide oversight for security engineering and operations tasks including identity and access management, vulnerability management, incident response, IDS/IPS, Firewall rule reviews, asset management, penetration tests, endpoint protection solutions, SIEM, and mobile device management.
Develop security policies, procedures and guidelines
Partner with Total Wine Legal Team on contract reviews and vendor management plans to align with data security, regulatory, and compliance requirements
Develop and maintain security awareness programs for Store Support Center and Store Team Members
Lead security reviews for new projects and enhancements, working with partners to develop appropriate risk mitigation strategies
Advocate for information security across the organization, balancing security controls while supporting business initiatives
Monitor threat environment and identify potential areas of vulnerability and risk; develop appropriate risk treatment options
Lead a team of Information Security professionals
You will come with
12+ years of experience in a combination of information technology, information security, operations, and project management roles with 5+ years of Information Security experience in the secure design and implementation of information systems, focused on risk assessment, vulnerability assessment, audit, and compliance
Previous experience leading a team of Security professionals
Experience with security and infrastructure architecture/technologies: including firewalls, IDS/IPS, encryption, identity and access management, and SIEM
Experience with security frameworks, regulatory requirements, and industry standards such as NIST, COBIT, ISO 27001, PCI-DSS, and CCPA.
Bachelor's degree in technology or other related field from an accredited university or college; or equivalent work experience in Information Security and Business/Risk Management