IT Director, Cybersecurity – Hermès – New York, NY
Note: We may earn a commission from products or services when you click on a link and make a purchase.
Acting as a trusted partner to all business areas of Hermès Americas, the Hermès of Paris (HOP) IT Team leads comprehensive technology delivery, innovation and support across the entire systems landscape in the region.
As the Director of Cybersecurity, you will be responsible for the management and effective delivery of all aspects of InfoSec operations in support of Hermès operations in the region. Covering the full scope of company’s retail store locations, corporate offices, and distribution centers in the US, Canada, Mexico, Brazil, and Argentina, you will oversee both hands-on and team leadership responsibilities to identify, monitor, report and remediate information security risks. You will partner with peers from the infrastructure group and across the wider IT organization to support Infosec needs on global and regional projects, ensuring alignment with strategy set forth by Group CISO, and proactively offer thought leadership on ongoing cybersecurity operations. As the Director, you will also support regional implementation of the Group’s Cybersecurity transformation program, while overseeing day-to-day SecOps duties. You will be the designated Information Security Single Point of Contact (SPOC) across the region, able to influence and interact with all levels of the business, including senior leadership, as it pertains to Information Security topics and projects critical to the company’s data and network security.
About the Role:
- Serve as the Regional Information Security Single Point of Contact (SPOC) in all matters of information security and aligning with the Global Cybersecurity programs and strategies
- Work closely with the Internal Control department and align efforts to make sure that all Information Technology matters are compliant to both the Group’s standards and local regulations, as well as internal and external audits
- Implement and manage the company’s Information Security Incident response procedure and lead the program for the region
- Provide Information Security consultancy to the business about technology related initiatives. Manage the on-boarding of technology solutions ensuring they align with the company’s security policies, guidelines, and Global IT infosec expectations. You will work with all parties including project sponsors, vendors, IT operations, and the Global InfoSec team to validate projects
- Drive projects and initiatives outlined within the Global Cybersecurity roadmap providing tactical project management guidance and coordinating efforts between different resources and parties
- Proactively monitor and routinely audit compliance to all information security procedures and policies and ensure consistency of internal controls across departments
- Lead remediation process for all security related gaps identified during Internal audit reviews as well as reviews performed by third party entities and auditors, and per direction of the Group CISO
- Help align regional processes and procedures as well as network and system standards to the company’s IT global group standards
- Drive annual PCI compliance certification and oversee all related controls and documentation management. Support other regulatory initiatives such as GDPR and CCPA remediation as necessary
- Manage a team of security specialists consisting of fulltime and consultant security personnel
- Manage the ongoing vulnerability / pen test scanning and assessment process and partners with the rest of IT and third parties to resolve vulnerabilities in a timely manner to maintain compliance
- Partner with the rest of the IT organization to ensure effective implementation and ongoing management of security tools, systems and processes including: logging, IDS, IPS, endpoint protection, web filtering, MDM, DLP, patch management, vulnerability scanning technologies, etc.
- Partner with the infrastructure team to develop strong security posturing including reviewing firewall policies and propose changes such as additional network segmentation and filtering policies to better protect the network
- Provide oversight to IT operations team to manage end user computing on endpoint security, patching and policy management
- Provide oversight, guidance and development of requirements for vendor selection for new and replacement technologies within the IT Security footprint.
- Interface with management and the user community to understand business needs, implement security best practices, and identify opportunities for improving security and compliance.
- Partner with training and professional development staff to promote security awareness among the user community
- Review and provide input into the company’s overall security program and manage multiple security projects in a given period
- As a member of the ITLT (IT Leadership Team) help shape the organization in delivering people leadership excellence, while embracing and enhancing Hermes culture of a strong business/IT partnerships
- All other duties assigned by supervisor
- Yes – 1 direct report IT Security Specialist and supervise external consultant(s) as needed. Provide matrixed leadership to project-based resources
- Yes – Sourcing and budgeting for new security technology tools and Vendor Management
Decision Making Responsibility:
- Yes – Give general security direction to team based on Group level standards and guidelines
Position Reports To:
- Vice President, Information Technology
- Has a minimum of 10 years of experience in IT or Security Management
- BA or equivalent in related field preferred
- Excellent written and verbal communications skills
- Demonstrated proficiency in planning, reporting, establishing goals and objectives, standards and priorities
- Has experience with compliance management and certification (PCI, GDPR)
- In-depth knowledge of security best practices (encryption, data protection, design, privilege access, etc.)
- Preferred skills in CISSP, CISM or GSEC Security Certification
- Experience with managing and implementing standard security technologies (DLP, MDM, SIEM, AV, IDS).
- Experience with file management access tool such as Varonis and has ability to drive data owner entitlement review process
- Knowledge of network technologies (protocols, design concepts, access control)
We are looking for a candidate that has a combination of the above attributes and can perform the key functions of the role with or without reasonable accommodations.
Our Most Popular Cyber Security Training Courses
- Google Cloud Security
- Google Cloud Networking
- Introduction to Cybersecurity Tools & Cyber Attacks
- Linux Security
- Cyber Security 10 Domains
- IBM Fundamentals
- AWS Cloud Native
AN EQUAL OPPORTUNITY EMPLOYER
It is the policy of HERMÈS of Paris, Inc. that applicants for employment are recruited, selected and hired on the basis of individual merit and ability with respect to positions being filled and potential for promotion or transfer which may be expected to develop. Applicants are recruited, selected and hired without discrimination because of race, color, religion, sex, age, national origin, disability, genetic information, sexual orientation, gender identity or gender expression, medical condition, ancestry, citizenship, marital status, military or veteran status or any other basis prohibited by applicable law. In addition, personnel procedures and practices with regard to training, promotion, transfer, compensation, demotion, lay off or termination are to be administered with due regard to job performance, experience and qualifications, but without discrimination because of race, color, religion, sex, age, national origin, disability, genetic information, sexual orientation, gender identity or gender expression, medical condition, ancestry, citizenship, marital status, military or veteran status or any other basis prohibited by applicable law. HERMÈS of Paris, Inc. also provides reasonable accommodations to qualified individuals with disabilities, in accordance with applicable laws.
We collect personal information (PI) from you in connection with your application for employment with Hermes, including the following categories of PI: identifiers, personal records, commercial information, professional or employment information, non-public education records, and inferences drawn from your PI. We collect your PI for our purposes, including performing services and operations related to your potential employment. For additional details or if you have questions, contact us at [email protected]