This position reports to the Senior Manager of Global Information Security. This position is responsible for the continuous operation of the Global Information Security Operations Center and Threat and Vulnerability Management group. This individual and staff are responsible for providing continuous monitoring of Office Depot's global computing environment, ensuring the integrity of the environment. They are responsible for securing our environment and monitoring our environment for attempts to breach its security. The work of this group includes managing the various scanning tools, assessing and analyzing the data collected from those tools, as well as tracking and reporting on suspicious activity. Additionally, they are responsible for leading penetration tests, ethical hacking, and red team exercises. This position is responsible for detecting intrusions and leading our response to any intrusion.
Primary Responsibilities:
- Manage, implement and monitor a strategic, comprehensive enterprise-wide information security monitoring and operation program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
- Design, develop and recommend security standards and implement them.
- Manage information security activities related to the protection of PCI and PII information. Ensure that Office Depot follows all applicable regulatory and compliance directives and policies regarding securing and monitoring of PCI and other sensitive information.
- Provide input into information security budgets and participate in contract negotiations.
- Assists with security road map design and vendor selection.
- Work directly with the business units to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities regarding information classification and protection. Provide subject matter expertise to executive management on a broad range of information security standards and best practices.
- Provide strategic and tactical security guidance for key IT projects, including the evaluation and recommendation of technical controls.
- Liaise with the Information Security Architecture & Engineering team and the Information Security Information Assurance team.
- Liaise between the information security team and corporate compliance, audit, legal, Security/Safety and HR management teams as required.
- Create and facilitate the information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings and management of outside assessors.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, fixed assets, and the company's reputation.
- Coordinate the use of external resources involved in the information security program, including, but not limited to, interviewing, negotiating contracts and fees, and managing external resources.
- Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
- Direct the implementation of security technologies including (a) evaluating security products; (b) installing security products and making necessary system changes; (c) developing rollout plans and communications to Office Depot's staff; and (d) training and coordinating with other IT departments.
Supervise dotted line reports including input into performance reviews, goal setting, and hiring activities.
Education and Experience:
- Level of Formal Education: Bachelor's degree or equivalent experience
- Area of Study: Computer Science, Electrical or Software Engineering, or similar technical field of study.
- Minimum Years of Experience: 8 years, with 6-8 years of relevant information security experience
- Type of Experience: Risk Management, Vulnerability Management, Threat Analysis, Security Auditing, Security Monitoring, Red Teaming, Penetration Testing, Incident Response, Project Management, and other Information Security Practices.
- Technical Competencies & Information Systems: expertise in generic information security standards and experience in deploying some set of these standards like PCI, SOX, Sans and ISO 27001-27005.
- Skills & Abilities:
- Candidate must have thorough understanding of following technologies/systems: Networking; Firewall (Checkpoint); NIPS, network monitoring (Checkpoint, AirDefense, SNORT); HIDS (Tripwire); VPN (Cisco); Proxy (Bluecoat); Spam appliance (Postini); Server architectures including hardening frameworks; Endpoint firewall, antivirus, patching, and client hardening frameworks; End user authentication (Microsoft Azure), PKI (CAC, Microsoft), Enterprise tools, event management (Qualys, Splunk Enterprise, Microsoft Defender); Application related - SQL injection, cross site, mobile, database, scripting languages, Web (Apache, IIS, Tomcat, WebSphere). Bugcrowd. Email anti-phishing (Proofpoint).
- Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors, assessors, and inspectors.
- Critical thinker with strong problem-solving skills; thorough project management skill set.
- Ability to lead and motivate cross-functional, interdisciplinary response teams.
- High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
- High degree of initiative, dependability, and ability to work with little supervision
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
About The ODP Group: The ODP Group, through its business entities ODP Business Solutions and Office Depot, is a leading provider of products, services, and technology solutions through an integrated business-to-business (B2B) distribution platform and omnichannel presence, which includes world-class supply chain and distribution operations, dedicated sales professionals, online presence, and a network of Office Depot and OfficeMax retail stores.
Commitment to Safety: We are committed to maintaining a safe and healthy work environment for our Coworkers and our customers. All Coworkers are expected to support our operational safety culture by working safely and addressing potential hazards or concerns.
Disclaimer: The above statements are intended to describe the general nature and level of work being performed by Coworkers assigned to this classification and are not intended to be a complete list of all responsibilities, duties and skills required of Coworkers so classified. Other duties may be assigned.
Pay, Benefits & Work Schedule: The company offers competitive salaries, a benefits package, which includes a 401(k) and more, along with plenty of opportunities to move and grow within our organization! You may be eligible to participate in an incentive program, paid in accordance with the Incentive Plan terms and conditions.
Equal Employment Opportunity: The company is committed to providing equal employment opportunities in all employment practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, citizenship status, marital status, age, disability, protected veteran status, sexual orientation or any other characteristic protected by law.
We will consider for employment qualified applicants with arrest and conviction records pursuant to the City & County of San Francisco Fair Chance Ordinance.
Application Deadline: The job posting will remain open for a minimum of 3 days and will expire once the position has been filled.
How to Apply: Click the "Apply Now" button and follow the instructions on each page. When you have completed the application, click the "Submit" button.
