Carters/OshKosh Sr. Manager, Security Operations & Engineering in Atlanta, Georgia

Sr. Manager, Security Operations & Engineering

Atlanta, GA

Date Updated: May 30, 2018

Job Level: Management

Job Type: Full-Time/Regular

Years of Experience: 7 - 10 Years

Travel: Not Specified

Level of Education: BA/BS

Position ID: 85329-264029

Job Description

Carter's, Inc. is the largest branded marketer in North America of apparel exclusively for babies and young children. The Company owns the Carter's and OshKosh B'gosh brands, two of the most recognized brands in the marketplace. These brands are sold in leading department stores, national chains, and specialty retailers domestically and internationally. They are also sold through more than 1,000 Company-operated stores in the United States, Canada, and Mexico and online at www.carters.com, www.oshkoshbgosh.com, and www.cartersoshkosh.ca. The Company's Just One You and Genuine Kids brands are available at Target, its Child of Mine brand is available at Walmart, and its Simple Joys brand is available on Amazon. The Company also owns Skip Hop, a global lifestyle brand for families with young children. Carter's is headquartered in Atlanta, Georgia. Additional information may be found at www.carters.com.

The Sr. Manager of Security Operations & Engineering reports to the VP of Security Services and is responsible for ensuring a stable, secure computing environment, promoting high levels of end user satisfaction, by providing the leadership necessary to manage and coordinate the Information Security program. This position is a hands-on position, providing the information security services including compliance with SOX/PCI risk management, security incident management, identity and access management, and administration and operations of information security tools and services. This position is also responsible for researching, interacting, coordinating and recommending present and future information security solutions with competent vendors who provide information security products and services.

IT Policies, Risk, & Compliance - 25%

  • Oversees the development, implementation, and maintenance of global security policy, enterprise security standards, guidelines and procedures for appropriate risk mitigation and to support regulatory or industry compliance (e.g. SOX, PCI, HIPAA).
  • Partners with VP of Security Services to serve as advisors to executive leadership, Board of Directors, and Audit Committee in the development, implementation, and maintenance of a strong information privacy and security program and infrastructure including network access and monitoring policies.
  • Collaborates with Legal Counsel, Internal Audit on compliance, security, and privacy practices, processes, procedures, and protocols; Monitors and reports statuses, and actively participates in audits or reviews as required.
  • Maintains relationships with local, state and federal law enforcement and other related government agencies in support of security program and roadmap, with partnership and direction from Legal Counsel.
  • Must be able to interact effectively with applications teams, peers, and management staff to create application security processes and protocols.
  • Must be able to develop, manage and maintain the proposed capital and operating budget for IT Security, Risk, and Compliance department. Will conduct ongoing budget control through budget review and approval processes, and monitor departmental performance.
  • Be engaged with and understand the business environment, projects, considerations, and constraints in implementing all policies and associated technologies
  • Develop and implement a strategic, long-term information security strategy and roadmap with VP of Security to ensure that the company's information assets are adequately protected
  • Develop business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time
  • Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal matters
  • Maintain technical reference library; develop training material and workshops for IT, program and security staff as appropriate.

Security Operations Management - 35%

  • Responsible for 24/7 security monitoring and threat detection/prevention for the organization
  • Develop and report on security operations dashboards, metrics and KPIs relevant to understanding and improving Carter's security capabilities and defense levels
  • Foster and manage relationship with 3rd party MSSP/SOC provider to establish a true partnership with Carter's organization
  • Develop business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time
  • Ensure the protection, integrity, confidentiality, and availability of information in the custody of or processed by the Company by: responding in a timely manner to a loss or misuse of information assets; participating in investigations of suspected information security misuse or in compliance reviews as requested by auditors; and communicating unresolved security exposures, misuse or noncompliance situations to management.
  • Research and consult with key technology suppliers and industry consultants to evaluate, select, install, and configure hardware and software systems that provide appropriate security functions.
  • Develop, mentor and manage a high-performing team of security professionals

Security Engineering - 40%

  • Accountable to develop, implement, integrate, and maintain the security strategy and roadmap, including security tools and technologies.
  • Provide leadership and management oversight for security tool deployment and implementation, including applicable hardware, software, firewalls, intrusion detection systems, security event management systems, anti-virus and malware solutions, cryptography systems, access control systems, or any other device or solution required for enterprise cyber and systems protection and monitoring.
  • Develops emergency procedures and incident response protocols; acts as the control point during significant privacy and security incidents.
  • Understands potential threats, vulnerabilities, and control techniques. Monitors network of vendors and employees to ensure the safeguarding of information assets.
  • Investigates security breaches, communicates to appropriate executive management and local information privacy and security leadership, and pursues associated legal protocols in relation to any security investigation, incident, or security breach.
  • Conducts periodic penetration testing and security audits; establishes risk assessment criteria and methodology.

Experience and Skills

  • Bachelor Degree in Computer Science or related field, preferred.
  • 8+ years IT experience, with a preference of 5 years in the area of information security leadership
  • Proven experience in planning security strategy and IT security projects for a multi-billion dollar organization
  • Must have strong knowledge of industry best practices, laws, frameworks, and compliance standards related to data privacy and protection
  • Requires successful experience in at least three of the following domains: application security; security technologies and products; security engineering; security analysis and investigations; IT SOX auditing
  • In-depth knowledge of platform operating systems, including Windows, Linux, and Unix
  • Experience with Wide Area Network/Local Area Network/Wireless Network, TCP/IP and related protocols
  • Strong knowledge of Intrusion Detection and Prevention techniques
  • Proven experience leading committees or sub-committees related to security, compliance, privacy, or risk in the organization
  • Understands DR planning and execution, and is able to influence IT infrastructure, IT application, and business owners on DR planning and practices.
  • Must have very strong written and verbal skills and executive presence to interact effectively with all levels of leadership, board members, IT staff, vendors, auditors, third-party business application providers, and other parties impacting the company's security state
  • Experience with Managed Service providers in relation to providing security services, including establishing protocol, measuring provider metrics, understanding contractual agreements, and general day-to-day monitoring and operational expectations
  • Ability to effectively prioritize and execute tasks in a high-pressure environment, preferably in the retail industry.
  • 3 years of direct hands-on experience or direct management of firewall administration, intrusion detection systems, data encryption software, security information and event management systems, and working knowledge of switches and routers
  • Certified Information Systems Security Professional (CISSP) or equivalent certification from a recognized professional organization such as International Information System Security Certification Consortium (ISC)², Global Information Assurance Certification (GIAC), or Information Systems Audit and Control Association (ISACA)
  • Prior work experience with MSSP vendor relationship

Carter's is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by federal, state, or local law.

Visit http://carters.submit4jobs.com/ today