Director of IT Security (Peoria)

Various U.S. Employers

This is a Contract position in Peoria County, IL posted May 1, 2020.

CUMBERLAND FARMS – STORE SUPPORT CENTER OFFICE – WESTBOROUGH, MA

Description:

Position Summary: This role is the senior-most Information Security Professional for EG America.

Working closely with the North American IT Leadership, and the Global IT Leadership, this role will lead information security efforts for EG America to ensure the Confidentiality, Integrity, and Availability of sensitive data and systems.

The Director of Information Security will be responsible for Security Operations, Security Awareness, Privacy, and Compliance as it relates to sensitive data and systems.

The Director of Information Security will work closely with Executive Leaders to communicate potential cybersecurity risks to the business, and propose and implement mitigations to avoid business disruption.

The Director of Information Security will lead a team of two Information Security Analysts (and manage other IT staff on a per project basis) to implement, maintain, and manage unified security tools and capabilities across North America that align to the Global IT Strategy.

Mentor and coach security staff to fill knowledge gaps; hire supplemental partners or staff to fill team deficiencies as approved by the CIO North America.

The Director of Information Security will work closely with other departments (Legal, HR, Marketing) to implement Privacy Policies, Processes, and Procedures that ensure the appropriate use of data compliant with all applicable laws and regulations.

Responsibilities:

Responsibilities include but are not limited to the following:

- Manage a team of 2 Information Security Analysts
- Oversee and Direct the team in maintenance of all information security tools
- Oversee and Direct the team in effectively and efficiently responding to alerts for all information security toolsets
- Lead Security Operations to Identify, Detect, and Respond to security events.
- Oversee and Direct the Vulnerability Management Program, including internal and external vulnerability scans, PCI ASV scans.
- Oversee and Direct the team in maintaining a security awareness program to include posters/graphics/workshops/simulated phishing
- Ensure compliance with Privacy and Compliance Regulations: CCPA, GDPR, MA 201 CMR 17.00, PCI, HIPAA
- Maintain all Information Security Policies
- Oversee all IT and Security Audits, to include: PCI, GITC, SOX
- Oversee and Direct the team in creation and maintenance of Role-Based Access (RBAC) groups
- Act as an Information Security Subject Matter Expert (SME) to IT projects, providing guidance of Standards and secure architecture.
- Act as an Information Security Subject Matter Expert (SME) to development teams.
- Implement DevSecOps Program to complement Agile Development Projects.
- Maintain a working knowledge of the current Threat Landscape as it relates to the particular risks facing the organization.
- Recommend and select new partners and vendors as required to mitigate Security Risks
- Negotiate and Renegotiate vendor agreements with the assistance of the Procurement Department.
- Review Vendor Security requirements and Vendor Security Questionnaires
- Review and approve/reject SOC reports
- Translate complex security topics to plain English for Executive Leadership
- Mentor and Grow staff for advancement
- Provide hands-on support/investigation/configuration for all of the above as required
- Other duties as assigned

Working Relationships: The Lead Infrastructure Administrator will report to the Director of IT Infrastructure.

This position will have contact with all levels throughout the IT Department and the company, as well as outside vendors and auditors to manage and coordinate the safeguarding of our IT infrastructure.

Requirements:

Minimum Education: BS Degree in Computer Science, Information Technology or related technical field

Preferred Education: BS Degree in Computer Science, Information Technology or related technical field

Minimum Experience:

- 5 years in an Information Security related field
- At least 3 of those 5 years in a leadership capacity (SOC Manager, Compliance Manager, or Similar)
- Experience with all aspects of Security Operations (EDR, Network Defense, Malware Protection, SIEM and Log Management, Vulnerability Assessment)
- Experience with common security frameworks (NIST CSF, ISO 27000, CIS Top 20 Critical Security Controls)
- Experience with compliance regulations (PCI DSS, Sarbanes-Oxley)
- Experience with Privacy Regulations (CCPA, GDPR)

Preferred Experience:

- 10 years in an Information Security related field
- At least 5 of those 10 years in a leadership capacity (SOC Manager, Compliance Manager, Information Security Director, Deputy CISO)
- Experience with all aspects of Security Operations (EDR, Network Defense, Malware Protection, SIEM and Log Management, Vulnerability Assessment)
- Experience with common security frameworks (NIST CSF, ISO 27000, CIS Top 20 Critical Security Controls)
- Experience with compliance regulations (PCI DSS, Sarbanes-Oxley)
- Experience with Privacy Regulations (CCPA, GDPR)
- Experience in a Retail Environment, or similar (A high-availability environment with a large number of small locations).

Experience with the following tools is a plus:

- Mimecast, Duo, Tanium, ZScaler, Sophos, TrendMicro, Trustwave, Fortinet, Mako

Preferred Licenses/Certifications and Skills: One or more of the following:

- Certified Computer Information Systems Security Professional (CISSP)
- Certified Information Systems Manager (CISM)
- Certified Information Security Auditor (CISA)
- GIAC Information Security Professional (GISP)

Other:

Driving/Fleet Vehicle Requirement: None

Travel: Less than 5%

Physical: None

Hours & Conditions: This is an exempt full-time position. 40-50 hrs/wk.

Off-hours support may be required.

Other: Additional Info: Powered by Snagajob, the #1 marketplace for hourly work.

Cumberland Farms uses Snag to make the application process simple.

Associated topics: attack, cybersecurity, forensic, identity, identity access management, idm, information security, protect, security officer, threat
