Director, Information Security
Company: Centric Brands Inc.
Posted on: June 12, 2021
About Centric Brands
Centric Brands is a leading lifestyle brand collective that
designs, sources, markets and sells high quality products in
multiple segments, including kids, men's and women's apparel,
accessories, beauty and entertainment. Our portfolio includes more
than 100 iconic licensed brands, including for kids apparel, Calvin
Klein, Tommy Hilfiger, Under Armour, Nautica, and Lucky Brands;
for men's and women's apparel, Joe's Jeans, Hudson, Buffalo and
Hervé Léger; for accessories, Coach, Kate Spade, Michael Kors, Frye
and Timberland; and for entertainment, Disney, Marvel, Nickelodeon
and Warner Brothers, among others.
The Leader of Information Security will partner with senior
leaders, businesses, and the Global IT Team across Centric Brands
to form, develop, and deliver a comprehensive information security
program that will optimize the security posture of the enterprise.
They will have oversight and responsibility for all of Centric
Brands' information security needs.
This position will either be based in Greensboro, NC or could be
remote given the right candidate.
- Develop and Implement an effective information security
- Responsible for strategic leadership, formation, policies, and
operations of a company-wide information security program.
- Define clear objectives and goals for information security and
collaborate with senior leaders, business partners, and the IT
- Advise senior leadership on security program direction and
- Manage and facilitate global information security governance
- Manage and facilitate an information security awareness and
training program for the company.
- Chair the Advisory Committee and lead Information Security
Liaisons to establish the information security program and project
- Lead information security planning processes to establish an
inclusive and comprehensive information security program for the
- Establish annual and long-range security and compliance goals,
define security strategies, metrics, reporting mechanisms and
program services; and create maturity models and a roadmap for
continual program improvements.
- Stay abreast of information security issues and regulatory
changes affecting consumer goods, retail and trade at the state,
national and global levels, participate in policy and practice
discussions, and communicate to leadership on a regular basis about
those topics. Engage in professional development to maintain
continual growth in professional skills and knowledge essential to
- Mentor/Coach the Information Security Office team members and
implement professional development plans for team members.
Communicate clear goals and objectives.
- Leverage a virtual team of infrastructure and network
professionals to implement security policies and procedures for all
- Perform special projects and other duties as assigned.
- Support Legal Discovery requests when required.
Policy, Compliance, and Audit
- Lead the development and implementation of effective and
reasonable policies and practices to secure protected and sensitive
data and ensure information security and compliance with relevant
legislation and legal interpretation.
- Lead efforts to internally assess, evaluate and make
recommendations to management regarding the adequacy of the
security controls for the company's information and technology
- Work with Internal Audit, External Auditors and outside
consultants as appropriate on required security assessments and
- Coordinate and track all information technology and security
related audits including scope of audits, timelines, auditing
agencies and outcomes. Work with auditors as appropriate to keep
audit focus in scope, maintain excellent relationships with audit
entities and provide a consistent perspective that continually puts
the institution in its best light. Provide guidance, evaluation and
advocacy on audit responses.
- Work with leadership and relevant responsible compliance
department leadership to build cohesive security and compliance
programs for the company to effectively address global statutory
and regulatory requirements.
- Develop a strategy for dealing with the increasing number of
audits, compliance checks and external assessment processes for
internal/external auditors, PCI, CCPA, GDPR and SOX.
Outreach, Education and Training
- Work closely with IT leaders, technical experts and various
leaders on a wide variety of security issues that require an
in-depth understanding of the IT environment in their units.
- Create education and awareness programs and advise operating
units at all levels on security issues, best practices, and
- Work with various groups such as Network Managers, engineers,
development and service desk to build awareness and a sense of
common purpose around security.
- Pursue employee security initiatives to address unique needs in
protecting identity theft, mobile social media security and online
Risk Management and Incident Response
- Keep abreast of security incidents and act as primary control
point during significant information security incidents. Convene a
Security Incident Response Team (SIRT) as needed, or requested, in
addressing and investigating security incidents that arise.
- Convene Ad Hoc Security Committee as appropriate and provide
leadership for breach response and notification actions for the
- Develop, implement and administer technical security standards,
as well as a suite of security services and tools to address and
mitigate security risk.
- Provide leadership, direction and guidance in assessing and
evaluating information security risks and monitor compliance with
security standards and appropriate policies.
- Examine impacts of new technologies on the company's overall
information security. Establish processes to review implementation
of new technologies to ensure security compliance.
- Ability to work with other leaders to establish the best
balance between security strategies and other priorities at the
- Empower work environments across geographies, remove barriers
and realize possibilities.
Skills and Requirements
- Bachelor's degree: Information Systems, Computer Science,
Business or Related field.
- Minimum of 8 years' experience.
- Ability to multi-task, set priorities.
- Excellent communication skills - both written and verbal.
- Exceptional, hands-on leader with a style that is engaging,
innovative, and collaborative.
- Ability to be flexible, work under pressure and tight
- Ability to travel.
- Ability and availability to work occasional
- Experience with Fortinet/FortiGate/FortiClient, Rapid7 Scanning
and MDR/EDR, BitLocker, FileVault, MS Defender, and Azure Security
services is a plus.
Centric Brands Inc. is an Equal Opportunity Employer.