Director, IT Security

Serving the needs of all families with young children, Carter's Inc. is the largest North American apparel retailer exclusively for babies and young children, encompassing Carter's, OshKosh B'gosh, Skip*Hop and Little Planet brands. Meaningful work, constant learning, genuine people, and a community guided by core values that promote inclusion and innovation is in everything we do. There are many reasons to build your career at Carter's.

HOW YOU'LL MAKE AN IMPACT:

The Director of IT Security is responsible for establishing, maintaining and overseeing the enterprise-wide strategy, architecture, policies and programs to ensure information assets are protected, while maintaining an understanding and managing the risks and challenges facing the company and the retail industry. This role will ensure information technology (IT) systems, networks, internal and external computing environments and other third-party providers are secure. This position will develop and implement cyber security initiatives; security frameworks; conduct and oversee security operations for the ongoing protection of the Carter's internal and external global environment; standards. They will lead investigations related to security breaches and cyber crimes, often working with third party advisors.

The Director of IT Security will direct and manage the activities and personnel of the Information Security Services Team, including focus on the following capabilities:

Security Operations Management

• Management the day-to-day operations of the IT Security programs
• Management of the Security Operations Center responsible for 24/7/365 security monitoring and threat detection/prevention for the organization
• Develop and report on security operations dashboards, metrics and KPIs relevant to understanding and improving Carter's security capabilities and defense levels
• Monitors network of vendors and employees to ensure the safeguarding of information assets

Security Engineering

• Assist in the development, implementation, integration, and maintenance of the security strategy roadmap, including security tools and technologies
• Provide leadership oversight for security tools deployment, implementation, adoption and maturity including applicable hardware, software, firewalls, intrusion detection systems, security event management systems, anti-virus and malware solutions, cryptography systems, access control systems, or any other solutions required for enterprise cyber and systems protection and monitoring
• Develops and operationalize emergency procedures and incident response protocols. Acts as the control point during significant privacy and security incidents
• Investigates security breaches, communicates and coordinate with appropriate partners and executive management
• Conducts periodic penetration testing and security audits. Establishes risk assessment criteria and methodology
• Builds and sustains strong relationships with Carter's functional and technical teams and serves as a trusted advisor on security
• Manage a multi-functional team of 7- 10 to include security engineering, security operations, and IT risk and compliance
• Lead Managed Security Services Providers to augment the team's ability to monitor and manage IT security events and security operations
• Manage a significant operational and capital budget for the security organization
• Support development of materials required for Audit Committee and Board presentations

WE'D LOVE TO HEAR FROM YOU IF:

Must haves:

• Proven experience in planning security strategy and IT security projects for a multi-billion, global organization. Public company experience is preferred.
• Successful experience leading following domains: application security; security technologies and products; security engineering. Strong understanding of the following areas: analysis and investigations; risk assessment and management; disaster recovery.
• In-depth knowledge of cloud architecture and platform operating systems, including Windows, Linux, and Unix.
• Experience with Wide Area Network/Local Area Network/Wireless Network, TCP/IP and related protocols.
• Strong knowledge of Intrusion Detections and Prevention techniques.
• Understands disaster recovery (DR) planning and execution, and is able to influence IT infrastructure, IT application, and business owners on DR planning and practices.
• Strong written and verbal skills and executive presence to interact effectively with all levels of leadership, board members, IT staff, vendors, auditors, 3rd party business application providers, and other parties impacting the company's security state.
• Experience with Managed Service Providers in providing security services including establishing protocol, measuring provider metrics, understanding contractual agreements, and general day-to-day monitoring and operational expectations.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.

Preferred skills and experience:

• Bachelor Degree and 10+ years IT experience, with minimum 5 years of leadership in information security, preferably in retail industry.
• Minimum 3 years of direct hands-on experience or direct management of firewall administration, intrusion detection systems, data encryption software, information security systems, event management systems, and working knowledge of switches and routers.
• A Certified Information System Security Professional (CISSP) or equivalent certification from a recognized professional organization such as International Informational Systems Security Certification Consortium (ISC2), Global Assurance Certification (GIAC), or Information Systems Audit and Control Association (ISACA) is preferred.

OUR TEAM MEMBERS:

• Lead Courageously: Have a strong sense of personal values that align with our Company values
• Collaborates Broadly: Build cooperation, trust, and thrive in a consensus driven environment
• Customer Focus: Proactively seek opportunities to leverage data and fact-based insights to serve customers and/or internal clients
• Drive Growth: Set aggressive goals and implement plans precisely
• Cultivates Innovation: Respectfully challenge the "we've always done it this way" mentality and explore new ways to achieve desired outcomes

MAKE A CAREER AT CARTER'S:

Career Development: Success starts from within, and we have several paths from which you can choose to enhance your career evolution. From Carter's University to Toastmasters to mentorship programs and more, we encourage you to utilize these tools to elevate your professional prowess.

Carters is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by federal, state, or local law.