Director, Cybersecurity
Smart&Final Corporate

Commerce, California

Posted in Retail


This job has expired.

Job Info


Director, Cybersecurity
Store Support Center

We are searching for an experienced Director, Cybersecurity for our Store Support Center, located at 600 Citadel Drive, Commerce, CA 90040.

Primary Duties and Responsibilities: 

The Director, Cybersecurity provides multi-faceted leadership to deliver cybersecurity services to our enterprise across corporate teams and 3 brands of retail stores. This includes management and support of all cybersecurity architecture and cybersecurity engagement functions such as incident response, threat intelligence, IoT security, systems operations/engineering (SecOps), architectural support, secure design, risk analysis, vulnerability management and threat hunting.

This role is responsible for the development, maintenance, and execution of the Cybersecurity strategy by providing thought leadership and strategic direction on all aspects of Cybersecurity. The Director of Cybersecurity shall work closely with VPs, Directors, Managers and staff personnel. Closely manages strong relationships with internal and external IT partners and the corporate leadership team to meet the Company's IT security and compliance standards and occasionally assists with general project management duties and IT department leadership and mentoring.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned or required.

  • Define and drive the overall information security strategy and roadmap for the company including fortification of existing enterprise assets, implementation and constant revalidation of policies and procedures that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality, and availability of information that is owned, controlled, and processed within the organization.
  • Ensure creation, validation and execution of clearly defined and executable information security policies, standards, and procedures with appropriate governance to ensure ground level adoption using the NIST CSF Framework as a guide and benchmark.
  • Create a culture of cyber security from the ground up both within the business lines and the technology team.
  • Initiate, facilitate, and promote activities to foster information security awareness within the organization. Establish the policies, procedures, tools, configurations, training, and audits that comprise the program.
  • Collaborate actively with the Technology Infrastructure and Application Teams in the software development process as a security subject matter expert, to ensure that the product architecture conforms with all company security policies and security best practices, and to ensure that all software developed by the company will meet all security audit, compliance, and control requirements.
  • Work directly with business units and other internal departments and organizations to facilitate IS risk analysis and risk management processes, identify acceptable levels of residual risk, establish roles and responsibilities related to information classification and protection, and to ensure that other managers are taking effective remediation steps.
  • Ensure ongoing compliance with applicable laws and regulations, in coordination with the Legal Department and establish the policies, procedures, tools, configurations, training, and audits that comprise the program.
  • Manage security incident response planning as well as the investigation of security breaches including convening a Security Incident Response Team (SIRT), as needed, while serving as the primary control point during such incidents.
  • Coordinate and track all information technology and security-related audits including scope of audits, timelines, auditing agencies, and outcomes; work with outside consultants as appropriate for independent security audits.
  • Ensure that security policies and procedures are regularly communicated to all staff, and that compliance is enforced. Continuously update the organization's security strategy to leverage new technology or adapt to new and emerging threats.
  • Responsible for budget planning for resource expenditures and any associated planning and recommendations.

SUPERVISORY RESPONSIBILITIES
Carries out supervisory responsibilities in accordance with the organization's policies, procedures and applicable laws. Responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining associates; addressing complaints and resolving problems.

EDUCATION and/or EXPERIENCE

  • BS degree with a preference to be in Computer Science or Computer Engineering and five to seven years' experience managing IT teams for IT security, risk management, audit and compliance, networking, systems administration, or other relevant positions, or equivalent combination of education and/or experience.
  • Any or all of the following certifications are a plus: CISSP, CISM, CISA, ISC2 or SANS.
  • 5-7 years of experience in security roles with increasing responsibility and business-leadership exposure. Previous roles may include information security analyst, application security or penetration testing, network-related security roles (firewall, intrusion detection, data loss prevention)
  • 8-10 years of experience in an enterprise technology environment, ideally with customer-facing systems and services. Numerous roles are applicable - operations, application development, networking, systems and infrastructure architecture, or other as applicable
  • Strong infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
  • Previous experience in strategic planning and associated processes for budgeting and portfolio decision-making for business or technology goals is required. The ability to distill requirements from non-technical staff and working relations and build road-maps and prioritize over time is also required.
  • Experience driving SOX/PCI compliance audit initiatives with internal and external auditors a plus

OTHER KNOWLEDGE, SKILLS & ABILITIES

  • Excellent written and verbal communication skills - including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences - and strong interpersonal and collaborative skills
  • High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity.
  • Demonstrated experience in executing/delivering cross functional projects in a dynamic, fast-paced matrixed environment with a sophisticated ability to balance between security strategies and other priorities at the organizational level.
  • Strong understanding of Software Development Life Cycle (SDLC) and end-to-end IT business processes across various functional areas.
  • Demonstrated ability to collaborate effectively with internal and external business partners required.
  • Ability to formulate conclusions and recommend courses of action.
  • Excellent organizational skills and adept at multi-tasking and initiating/driving projects through completion.
  • Ability to converse with development and support staff on a technical level to understand complex technical problems and proposed solutions.

Smart & Final provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.

