Director of Product Security

Gap   •  

San Francisco, CA

Industry: Retail & Consumer Goods


11 - 15 years

Posted 179 days ago

This job is no longer available.

The Director of Product Security reports to the Chief Information Security Officer. This leader will work closely with their peers across Architecture, Development Engineering, and Technology Operations to ensure our Customer and Employee facing Products are appropriately resilient to attack.

Role and Responsibilities:

  • Leads Security Technical Architects to define Product/Platform Patterns and Standards deployed or leveraged within our on-premise Gap or cloud environments
  • Leads Product Security Engineering that provides co-developed services, code libraries, or infrastructure configurations as appropriate to secure all Customer and Employee facing Products 
  • Continuously advances the Security Champions Program to develop and embed security skillsets within the development, engineering, and operations teams across the Product Lines
  • Develops and maintains training curricula to ensure the Security Champions are kept up to date with all current and emerging technologies applicable to Gap
  • Manages application penetration testing, code scanning, and remediation capabilities in collaboration with all Product Lines
  • Advances application scanning and testing integration with CI/CD pipelines to minimize security defects and improve overall Product quality 
  • Partners with Product Management and Technical Project Leadership using a consultative approach to adapt security approaches to changing business strategies and priorities
  • Thinks and acts strategically, staying in touch with emerging trends and advances in IT/security solutions to ensure Product Security approach and tools is always relevant 
  • Provides thought leadership with strong communication and active collaboration, across cross-functional teams and business partners
  • Partners with Security Strategy & Governance to build and maintain a security controls framework that is current and applied across all technology environments
  • Develops external partnerships with vendors and outside entities as appropriate
  • Takes ownership of key initiatives, coordinating strategies with other members of Information Security and GapTech to maximize success 
  • Presents business updates, recommendations, and opportunities to senior business and technology leadership 
  • Hires and develops outstanding Information Security talent


  • Minimum 10 years of experience in information security leadership and management, 5 years minimum experience managing and developing teams, and 3 years minimum experience within dev/ops environments
  • Demonstrated ability to build and successfully execute delivery plans leveraging cross-functional resources with varying levels of ability
  • Working knowledge of relevant information security laws, regulatory standards, generally accepted information security principles, and accepted industry best practices
  • Experience working in a risk based environment including mitigation, planning and implementation
  • Operational flexibility in modifying business and operating practices to adapt to a changing environment
  • Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures
  • Leadership characteristics as shown by a history of inspiring and motivating people to a common purpose at all levels within a company
  • Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships
  • Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
  • Proven success working across organizational and geographic boundaries
  • Contract and vendor negotiation experience
  • Experience with budgetforecasting and overall financial management 
  • Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001 
  • Bachelor’s degree in Computer Science, Information Technology or a related discipline


  • Merchandise discount for our brands: 50% off regular-priced merchandise at Gap, Banana Republic and Old Navy, 30% off at Outlet and 25% off at Athleta.
  • One of the most competitive Paid Time Off plans in the industry.*
  • Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
  • Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
  • Employee stock purchase plan.*
  • Employees receive medical, dental, vision and life insurance.*
  • Employees can apply for tuition reimbursement.*
  • Family care programs.
  • Commuter benefits.
  • Pet Discount Program.