Imagine a career where your creative inspiration can fuel BIG innovation. Immerse yourself in our award-winning culture while creating breakthrough Retail solutions that simplify the lives of customers worldwide.
7-Eleven is expanding its social, mobile, and digital footprint with a full suite of products and services that are revolutionizing the industry. We are now focused on combining our entrepreneurial spirit with our customer-first mindset to take our company and our partners to the forefront of innovation.
As a leader in the Retail industry, 7-Eleven is continually searching for passionate thinkers to join us in re-imagining the customer experience. We are looking to hire a Sr. Director, Chief Information Security Officer to lead the strategy and implementation of a security management program.
Reporting to the Vice President - Enterprise Technology, the Sr. Director of Information Security will be responsible for developing, maintaining and enhancing all enterprise-wide IT security in support of 7-Eleven’s business needs in US & Canada.
- Manages the development and delivery of IT security standards and best practices, to ensure strong IT security across 7-Eleven. e.g., user log-on and authentication rules, security breach escalation procedures, securityauditing procedures and use of firewalls and encryption routines
- Ensures that third party vendors have adequate IT security capabilities and that the resources and assets utilized to support our business have the same security standards and best practices implemented at 7-11
- Provides IT security inclusive of integrity, availability and confidentiality of the information
- Monitors industry trends and develops security strategy Point of View
- Coaches and develops staff
- Performs employee selection, performance coaching and development of direct reports
- Creates education and awareness programs for information security
- Advises top executives on all security manners and risks
- Proposes budget and otherrequired resources for protecting information
Risk & Compliance Management
- Conducts internal and external studies to ensure compliance with standards and currency with industry security norms
- Provides for the implementation of process and methods for conducting self-assessment of control areas and addressing non-compliance to IT security standards for employees, franchisees and outsourced vendors
- Drives remediation of compliance risks, involving relevant stakeholders in IT and the business
- Leads PCI compliance and othersecurity compliance efforts
- Creates policy and procedures on risk management, and educates employees to perform risk assessment effectively
- Manages governance, risk and compliance (GRC) tools and related processes
- Periodically provides reports of IT security compliance, risk, and overall security posture to Executive Leadership and the Board
Security Monitoring & Incident Management
- Monitors security intelligence sources, informing the organization of emerging threats and their impact
- Establishes security information and event monitoring capabilities to detect security anomalies
- Monitors for security incidents, and provides leadership and direction as coordinator of security incident response activities
- Reviews logs of user activities to recognize suspicious behavior
- Conducts digital forensic investigations and root cause analysis on incidents
3rd Party Risk
- Performs risk assessment for activities that are sourced
- Coordinates with Legal to identify security clauses that must be part of agreements
- Facilitates assessments of 3rd party compliance to security requirements as needed
- Ensures that our production and development environments are properly segmented to mitigate risks
- Coordinates business impact analysis process and response plans
- Conducts post-incident review of recovery plans
- Pro-actively partners with Business continuity leadership to ensure adequate crisis management procedures are in place and properly tested through tabletop exercises.
- Manages the selection, deployment, and enhancement of security tools and solutions, to ensure strong IT systems security across 7-Eleven
- Develops, implements and administers technical security standards, as well as a suite of security services and tools to address and mitigate securityrisk
- Examines impacts of new technologies on 7-Eleven’s overall information security, and establishes processes to review implementation of new technologies to ensure security compliance
- Proposes security improvements and corrective actions for current and emerging risks in 7-Eleven’s environment
- Proposes, implements, and manages solutions for identity management, access management, remote access, third party access, access governance, privileged account management, and other Identity and Access Management capabilities.
- Identifies and protects sensitive information (customer and employee personal information, cardholder data, sensitive corporate information, etc) wherever it exists internal or external to the 7-Eleven environment
- Recommends, designs and implements security controls for cloud-based 7-Eleven applications
- Education: Bachelors/4 Yr Degree minimum
- Experience: 10+ years, IT Security, Firewall theory & configuration, user authentication, digital signatures.
Relevant experience managing security for companies that leverage cloud technologies and / or offer platform as a service (PaaS) with security commitments to customers and partners.
Experience securing core IT infrastructure including servers, network in relation to Oracle, Sharepoint, Pin Pad technology EMV, and VPN soft token technology.
A strong knowledge of IT infrastructure and an ability to understand the general architecture design and operating characteristics.
Display the ability to interpret and analyze a wide range of data, leading to informed decision making and problem solving.
Provides outstanding customer service skills to direct and indirect customers, resolving very difficult issues effectively.
Ability to build and maintain relationship across different functions and organization levels.