Director Information Security and Compliance
Established in 1968, Harbor Freight Tools is a fast-growing, well-established, privately held retail company opening stores across the United States. We currently operate over 270 stores in 44 states with plans to open over 30 stores per year. Harbor Freight Tools is seeking a Director Information Security and Compliance to join our IT Department in Camarillo, CA.
Essential Duties and Responsibilities:
The Director of Information Security and Compliance is responsible for the overall Information Security and IT compliance activities of the Harbor Freight Tools enterprise. This position manages staff and vendors, directly and indirectly through policy, procedure, and standards regarding the implementation of, adherence to, and integrity of technical controls. This individual’s principal goals are to develop and manage IT policy, system security and disaster recovery with the goal of managing IT-related risk and ensuring compliance with mandates and laws.
The Director of Information Security and Compliance will plan, coordinate, direct, and design all operational activities of the IT Information Security and Compliance team. The Director of Information Security and Compliance will work closely with the CIO, IT management team and decision makers in other departments to identify, recommend, develop, implement, and support cost-effective technology solutions for all aspects of the enterprise.
· Participate in IT department operational and strategic planning, including business requirements, project planning, and organizing and negotiating the allocation of resources.
· Build, develop and communicate comprehensive policies and policy objectives and the context in which these policies were developed and how they are applied. This includes the various requirements of HFT (GCC, PCI, ITIL, Security Incident Response Team, etc).
· Conduct threat modeling for operational systems and new products
· Lead technology security incident response team
· Define security testing policies and processes for internally developed software, and advise software development team on security practices
· Advise operations team on security practices, including hardening of systems, access controls, and monitoring
· Participate in systems and software architecture to ensure that security is designed into products from the ground up
· Track emerging exploits, defensive techniques, and regulations affecting HFT’s business, and advise management on security roadmap
· Define essential security metrics, and provide tracking and reporting of those metrics to management
· Acquire detailed knowledge of existing operational processes, especially as they affect systems that are likely to be a security target and/or the source of compliance activity.
· Knowledge of controls and existing processes should be kept current through internal investigation and may require seeking external validation (from vendors or corporate).
· Must be current with and update HFT leadership with analysis of changes in regulatory risks, operating risks, and technical vulnerabilities within the existing infrastructure, applications, and process controls.
· Directs a staff of security specialists, and vendors who may have operational responsibility for implementing and adhering to information security and GCC standards for policy compliance.
· Can anticipate, mitigate, and resolve situations where compliance requirements and immediate business need come into conflict by:
o Clarifying technical ambiguity with respect to physical and logical access control, data handling, and system vulnerability
o Understanding and helping HFT IT Management understand the business exposure and technical risk so that appropriate choices can be made to satisfy both business need and compliance requirements.
· Manages the role responsible for primary vendor contract management including selection, negotiation, review, and renewal
· Possesses comprehensive business and technical knowledge and organizational skills to oversee highly complex projects with high visibility and high impact on the business.
· May participate in committees / panels / teams regarding data protection, regulatory oversight, and audit compliance.
· Develop business case justifications and cost/benefit analyses for IT spending and initiatives.
· Direct research on potential technology solutions and implementations in support of new initiatives, opportunities, and procurement efforts.
· Develop and implement IT policies and procedures, including those for security, disaster recovery, standards, purchasing, and service provision.
· Oversee negotiation and administration of vendor, outsourcer, and consultant contracts and service agreements.
· Manage IT staffing, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions.
· Establish and maintain regular written and in-person communications with the organization’s executives, department heads, and end users regarding pertinent IT activities.
Education and/or Experience:
· 5+ years of industry experience in information security, including 3+ years managing security for Internet-facing applications
· 8+ years of industry experience in software development or IT operations
· BS in Computer Science or equivalent experience (MS or PhD a plus)
· CISSP a plus
· Strong familiarity with the state of the art in web vulnerability attacks and defenses
· Demonstrated ability to communicate technical and business aspects of security issues accurately and clearly to stakeholders at all levels of organization
· Good understanding and technical knowledge of current network and PC operating systems, hardware, protocols, and standards, including Microsoft, Oracle, Frame Relay and Cisco.
· Good understanding and technical knowledge of ITIL best practices for IT services management.
· Superior understanding of the organization’s goals and objectives.
· Demonstrated ability to apply IT in solving business problems.
· In-depth knowledge of applicable laws and regulations as they relate to IT.
· Strong understanding of human resource management principles, practices, and procedures.
· Strong leadership skills.
· Excellent written, oral, and interpersonal communication skills.
· Ability to conduct and direct research into IT issues and products.
· Ability to present ideas in business-friendly and user-friendly language.
· Highly self-motivated, self-directed, and attentive to detail.
· Ability to effectively prioritize and execute tasks in a high-pressure environment.
· Extensive experience working in a team-oriented, collaborative environment.
Work Conditions
· On-call availability for 31 days per month.
· Sitting for extended periods of time.
· Dexterity of hands and fingers to operate a computer keyboard, mouse, power tools, and to handle other computer components.
· Occasional inspection of cables in floors and ceilings.
· Lifting and transporting of moderately heavy objects, such as computers and peripherals.
Benefits Include:
· 401k
· Full Medical Package, including health and dental
· Paid Holidays
· Sick Leave
· Paid Vacation
· Competitive Salary
· Casual Work Environment
To apply for this great opportunity, please send your resume to jobs@harborfreight.com