Company: Eileen Fisher
Location: Remote or Irvington, NY, NY
Employment Type: Full Time
Date Posted: 09/15/2020
Expire Date: 11/15/2020
Job Categories: Information Technology
The Security Engineer will identify and resolve Eileen Fisher’s Information Security Compliance and Business Continuity issues, initiatives, and standards. The role works cross-functionally with the Information Technology, People and Culture, Communications, Legal, and eCommerce teams. This position requires technical proficiency as well as an eager attitude, professionalism, and solid communication skills.
Summary of Duties and Responsibilities:
1. Ensure that Eileen Fisher, Inc. maintains a PCI compliant status across its retail, e-commerce and other channels of business that accept credit cards.
2. Identify protection goals, objectives and metrics consistent with the corporate strategic plan and IT governance requirements. Lead annual risk assessment and policy review processes. Provide periodic reports to Eileen Fisher management as necessary.
3. Manage the development, implementation and maintenance of global IT security policy, standards and procedures to ensure ongoing maintenance of security.
4. Day-to-day management of Eileen Fisher’s Information Security Operations and management of the Company’s security calendar. Information protection responsibilities will include network, application and systems security, system access controls, testing and monitoring policies, and employee education and awareness.
5. Maintain relationships with external regulators such as credit card associations, IT auditors, Payment Processors and PCI Standards Council.
6. Maintain the organization’s knowledge of regulatory requirements and emerging threats.
7. Oversee incident response as well as the investigation of security breaches and provide information associated with such breaches as necessary.
8. Oversee Patch Management, System Development Life-Cycle and other security operations processes including system acquisition/disposal, testing, sensitive data handling, encryption key management and system access control procedures.
9. Work with outside vendors as appropriate for items such as vulnerability scanning, incident response and penetration testing.
10. Analyze information from various security logging systems, scanners, and AWS security tools and take appropriate action.
11. Maintain dashboards and metrics to track the security posture of Eileen Fisher.
12. Implement, manage, and automate infrastructure and services used for security tooling.
13. Keep current with new technologies and threats in order to better inform Information Security processes and initiatives.
14. Assist with responses to technical questions from customers, auditors, and internal stakeholders.
15. Document and track risks, vulnerabilities, requirements, and exceptions, as well as the progress of their associated work streams.
16. Perform other IS/IT support functions as workflow permits.
- A knowledgeable engineer who can serve as an effective member of the IT organization and can communicate with both technical and non-technical individuals about risks, threats, vulnerabilities, mitigations, remediations, and controls.
- Must demonstrate meticulous attention to written, technical and procedural detail.
- Excellent time management skills with ability to manage projects and security/business continuity incidents sometimes under tight deadlines.
- Expert knowledge of the PCI-DSS and working knowledge of government privacy and Sarbanes-Oxley requirements.
- Must have experience with auditing and risk management, as well as contract and vendor negotiation.
- Must have a solid understanding of information technology and information security.
- A demonstrated ability to work with diverse groups of people.
Desired Experience: 5 years’ experience developing and administering an information security program is desirable. Retail experience preferred.
• Hands-on experience with Systems Administration and/or IP Networking
• Advanced certifications including CISSP
• Advanced technical writing and/or communication education and experience
• Experience with maintaining AWS Organizations Service Control Policies (SCPs) and common AWS Identity & Access Management (IAM) roles and policies.
• Experience with securing AWS and Linux environments, preferably in a regulated environment subject to HIPAA or PCI-DSS
• An automation-first mindset