Run a global team managing all aspects of cyber threat management, consistent with the threats and scale of a Fortune 500 retail, wholesale, and manufacturing enterprise entering a period of rapid business growth through innovation and acquisition. This includes threat modeling, threat intelligence, incident detection, interruption of the kill chain, and damage control. Cyber Threat Management is involved in all aspects of the business, including all brands, functions, and regions worldwide. Interaction with all levels of business leadership is expected as part of communicating both preparedness against attacks and the impact of attacks that do occur.
This role necessarily deals with sensitive and highly sensitive information, and the role is expected to both define appropriate handling of such information for the enterprise and to implement best handling practices.
Reporting to the ECR Head of Technology & Operations, lead the global Cyber Threat Management function across the enterprise, providing direction in collaboration with Legal, Human Resources, Global Communications, Corporate (Physical) Security, other Information technology (IT) teams, and executive leadership across brands, functions, and regions. Lead the CTMC which includes security analysis, incident response, vulnerability management, pen testing, and holistic security monitoring and response.
Operate the Cyber Threat Management function with complete accountability.
Stop and mitigate complex attacks to protect ELC. This will require emergency decisions in response to active attacks outside of routine technology processes and communication of those decisions to technical personnel and senior leaders.
Execute on key operational decisions with potentially high impact affecting attacks and threats facing ELC. These include, but are not limited to, spam campaigns, malware campaigns, organized criminal operations, and nation-state operations. Manage the budget for Cyber Threat Management. This role is fully accountable for several million dollars of operating budget, including decisions over hiring, consulting engagements, outsourcing, and services. Budget management includes assessing growth (or contraction) needs and making appropriate business cases to justify changes with support from business leadership.
Deep information and cybersecurity expertise, including familiarity with and/or experience leading CyberSecurity operations (identify, protect, detect, respond, and recover functions); vulnerability management; reverse engineering, malware, and attack patterns (offensive and defensive technologies); scenario planning; penetration testing/red teaming; mobile security; vulnerability scanning/identification/management and patch management; threat intelligence monitoring; network/endpoint/perimeter/cloud/DNS/.com monitoring; incident management; data leakage protection; application security monitoring; policies, standards, and procedures; and information security metrics. Hands on experience in these domains and other key technology domains, such as coding/developing, understanding technology standards, deploying new technologies, and integrating new and existing technologies.
Business expertise to perform just-in-time risk management and incident management guidance and leadership – especially given a growing and changing business and cyber risk landscape. Understanding of retail/manufacturing sufficient to correlate attackers' motives to business impacts and to appropriately adjust controls. Management of a 24/7 cyber threat management operation (e.g. a Security Operations Center (SOC)). Understanding of holistic monitoring, including POS systems, IOT devices, physical security environments, etc.
Strong experience in next-generation monitoring, including tools for supervised and artificial learning, artificial intelligence, user and entity behavior analytics, visualization technologies, and managing outsourced vendors for monitoring.
Strong leadership and management skills, including experience leading rapidly changing organizations, managing vendor relationships, managing consultants and matrixed teams; managing budgets, making critical and timely decisions, and solving unique and complex problems.
Executive-level communications and interpersonal skills, including experience briefing C-level leaders, influencing others, and engaging with information security and other leaders across industries.
Experience handling, securing, and communicating highly confidential and sensitive information.
Job: Information Technology
Primary Location: Americas-US-NY-Long Island City
Job Type: Standard
Shift: 1st (Day) Shift
Job Number: 1925075
We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply. It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact USApplicantAccommodations@Estee.com.
Apply on company website