Hibbett
Job Location: Birmingham, AL, USA
Posted on: 2024-12-20T14:09:19Z
Job Description:
00015 Store Support Center LE_301, Hibbett Retail, Inc.
Job Title: Senior Manager, IT Security Governance & Compliance
Department: North American Technology COE
FLSA Status: Exempt
Reports To: Vice President, CISO
Prepared Date: 12/9/2024
Reviewed Date: 12/9/2024

SUMMARY
The Senior Manager, IT Security Governance & Compliance is responsible for developing and managing the Information Security Governance & Compliance program of JD Group North America. This includes proactively identifying and managing risks related to information security, crisis and incident management, privacy, governance, and compliance. The position defines, develops, and manages the Information Security governance and compliance vision and strategy, including but not limited to the creation, maintenance, and enforcement of Information Security governance, policies, standards, processes, and procedures. It requires deep knowledge of all business and IT areas and subject matter expertise in Information Security governance and compliance. In addition, the Senior Manager, IT Security Governance & Compliance will be an evangelist for ensuring that all staff members understand, and when necessary are trained on, information security requirements through awareness programs.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Provide strategic vision for Information Security Governance & Compliance.
Develop and implement information security governance, policies, standards, processes, procedures, and guidelines for the enterprise.
Interface with senior executives, support and participate in the IT Security Committee, act as liaison to the company Risk Committee, and keep the IT Security Committee and Risk Committee updated on industry and North American trends.
Protect the company's assets and financial information by ensuring the accuracy and effectiveness of internal control procedures, and inform management and/or appropriate officials of potential fraud risk.
Give consistent direction to the Information Security team and the IT organization on the governance and compliance roadmap.
Establish and maintain a security compliance process.
Maintain the North American Group's PCI compliance and manage the annual PCI compliance process.
Participate in the legal review process for all contracts that involve an Information Technology component.
Perform audits and reviews of North American security governance, policies, standards, processes, procedures, and guidelines, as well as of third-party providers.
Facilitate the execution of security assessments such as internal and external network penetration tests, network vulnerability scanning, website vulnerability assessments, and others.
Maintain active membership in an Information Sharing and Analysis Center (ISAC) or Information Sharing and Analysis Organization (ISAO).
Monitor and remain current on industry and government rules and regulations to ensure security compliance; review external content, analyze existing threats, and determine whether the company is properly protected.
Monitor threats and vulnerabilities and align governance and compliance as appropriate to mitigate risks.
Maintain and execute the security incident response process.
Investigate, analyze, and document risks, mitigations, incidents, etc.
Understand the trade-offs required to manage the various levels of risk tolerance and risk exposure across the organization, and balance these with risk investments.
Create an information security awareness program to ensure staff members across North America understand the trade-off between risk and return.
Utilize IT Security and Audit tools to monitor and research potential information security governance and compliance issues in systems across North America, to ensure that internal security and general computer controls are appropriate and operating as intended.
Contribute to successful, cost-effective modeling of Business Continuity Plans into Disaster Recovery capabilities.
After-hours on-call availability is required.
Position may include other duties as determined by the CISO.

Compliance
Direct, and when necessary perform, internal audits of processes, facilities, and documentation to assure compliance with internal controls and best practices.
Ensure that accurate and complete records of department activities are kept and that they meet Group and North American Audit requirements.
Ensure that all compliance requirements are followed and kept up to date based on current federal, state, and local laws.
Monitor all state privacy laws and ensure all JD North America organizations are in compliance.
Manage the configuration of capabilities for all JD North America organizations to accept and respond to customer Data Subject Access Requests as required by state privacy laws.
Act as primary point of contact for internal and external auditors reviewing North American IT compliance.
Conduct regular quality system audits and work collaboratively to improve compliance.
Oversee the development and maintenance of a measurement capability to support management information needs on IT service delivery performance.
Develop and maintain a process to identify, monitor, and control risks to North American IT service delivery.
Champion continuous improvement efforts to meet or exceed quality objectives.
Drive accountability and role definition/clarity for security roles, projects, and ongoing business support.
Provide strategic governance and compliance vision for the team, security solution areas, and IT projects.

Additional Responsibilities
Manage the overall IT Security governance and compliance portfolio.
Negotiate vendor contracts.
Responsible for business relationships.
Responsible for vendor relationships.
Position may include other duties as determined by leadership.

SUPERVISORY RESPONSIBILITIES
Direct management of 2 to 5 security and compliance team members and 10+ third parties. Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; and addressing complaints and resolving problems.

QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Self-sufficient / self-starter; does what is necessary to get the job done.
Strong work ethic (works smart, not just hard).
Strong organizational skills.
Strong leadership and communication skills.
History of success in making change and achieving objectives.
Ability to work effectively in a team environment and facilitate positive interpersonal relations with coworkers.
Ability to rely on experience and judgment to plan and accomplish goals.
Ability to multitask and prioritize.
Ability to meet deadlines.

EDUCATION and/or EXPERIENCE
Must have a bachelor's degree in computer science or equivalent, and security or audit field experience.
Experience in a management position.
Demonstrated leadership and management skills.
Knowledge of national regulatory compliance requirements and frameworks such as ITGC, ISO, SOX, BASEL II, EU DPD, HIPAA, and PCI DSS.

LANGUAGE SKILLS
Ability to read and interpret documents such as safety rules, operating and maintenance instructions, and procedure manuals. Ability to write routine reports and correspondence.

MATHEMATICAL SKILLS
Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals.

REASONING ABILITY
Ability to apply common sense understanding to carry out instructions furnished in written, oral, or diagram form. Ability to deal with problems involving several concrete variables in standardized situations.

PHYSICAL DEMANDS
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to stand, walk, sit, use hands to type, handle or feel, reach with hands and arms, and talk or hear. The employee must occasionally lift and/or move up to 25 pounds.
WORK ENVIRONMENT
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The noise level in the work environment is usually quiet to moderate.

Hibbett's Privacy Policy
Candidates will have an option during the application process to withdraw their application prior to completion of the application. Throughout this online job application process, you will be asked to provide personal information about yourself. Please review Hibbett's Privacy Policy to understand how the information you provide will be utilized and safeguarded. By clicking the Apply button, I acknowledge that I have read and understand Hibbett's Privacy Policy. Further, I consent to the use of the same as my Electronic Agreement for purposes hereof. I acknowledge that I have a right to withdraw such consent at any time by contacting Hibbett.

Employment Type: Full Time