Saturday, October 03, 2015

Senior Director Risk Compliance Best Buy Richfield

Job Description
This role develops, designs and oversees multiple components of global Information Security Governance activities that ensure our policies, standards and procedures for information security are understood and being followed. This includes audits, risk assessment processes, risk profiles, databases and other related activities where the results can be rolled up to an enterprise level and presented to the Board of Directors as required. This position identifies program and policy effectiveness and builds the case to influence required changes. This position is also responsible for ensuring Best Buy maintains compliance with Best Buy policies, as well as international government regulations and industry best practices and standards, such as SOX and PCI.

The position holder will play an active role on the PCI DSS council and other industry memberships to ensure Best Buy's interests are properly represented. This position will design, manage, and implement a global security assessment team to perform formal code reviews and penetration testing across Best Buy. The position holder will be responsible for properly collecting and quantifying risk associated with various internal and external incidents relating to Best Buy's Global Information Security posture. It will also conduct ongoing risk assessments of 3rd parties/vendors with whom Best Buy conducts business or who perform business on Best Buy's behalf. This work will be done through close interface with a collective group from LP, Legal, CSIRT, as well as international participation. Occasional international travel may be required (10%).

Privacy And Data

Oversees compliance with internal policy and external regulatory requirements related to data protection as set by the Information Policy and Architecture principles
Maintains an understanding of industry, regulatory and business data protection requirements for all sensitive enterprise data classifications
Integrates with IT asset management functions to regularly update/maintain the universe of sensitive IT infrastructure and application environments.

Risk Assessment/Analysis

Oversees and directs annual/periodic risk assessment activities alongside Information Policy and Architecture team standards
Tracks and monitors enterprise information security risk posture for inclusion with strategy decisions and the information security roadmap
Provides oversight of root cause and remediation activities for information security issues, audit findings and observations
Participates in incident response activities and investigations where needed

Regulatory And Policy Compliance

Works with the Information Policy and Architecture team to develop compliance assessments
Oversees the execution of internal compliance assessment activities
Reports compliance posture to key IT, business and information security leadership groups and executives
Provides advisory services to strategic information security, technology and business initiatives throughout the SDLC process

Critical Skill Sets

Proven leader with excellent communication skills and ability to interface with all levels of the enterprise
Broad understanding of Information Security trends, services and disciplines
Strong understanding of Information Security industry standards/best practices (e.g., NIST, PCI)
Strong understanding of Information Security and Data protection related laws and regulations across the geographies in which Best Buy operates
Strong subject matter expertise in related information security technologies

Minimum Requirements
14+ years of information technology, with:
7+ years of security strategy, governance, privacy, security assessments and/or compliance
12+ years direct people management and
12+ years managing partner and vendor relationships
10+ years managing project/department financials and resource allocations

Experience (Preferred Requirements)

A CISSP certification (or similar)