About Gap Inc.
Our past is full of iconic moments — but our future is going to spark many more. Our brands — Gap, Banana Republic, Old Navy, Athleta, INTERMIX and Hill City — have dressed people from all walks of life and all kinds of families, all over the world, for every occasion for more than 50 years.
But we’re more than the clothes that we make. We know that business can and should be a force for good, and it’s why we work hard to make product that makes people feel good, inside and out. It’s why we’re committed to giving back to the communities where we live and work. If you're one of the super-talented who thrive on change, aren't afraid to take risks and love to make a difference, come grow with us.
About the role
Director of Product Security
The Director of Product Security reports to the Chief Information Security Officer. This leader will work closely with their peers across Architecture, Development Engineering, and Technology Operations to ensure our Customer and Employee facing Products are appropriately resilient to attack.
Successful candidates will be actively exercise their Learning Agility, Change Leadership, Collaboration & Influencing, and Strategic Planning skills.
Role and Responsibilities:
• Leads Security Technical Architects to define Product/Platform Patterns and Standards deployed or leveraged within our on-premise Gap or cloud environments
• Leads Product Security Engineering that provides co-developed services, code libraries, or infrastructure configurations as appropriate to secure all Customer and Employee facing Products
• Continuously advances the Security Champions Program to develop and embed security skillsets within the development, engineering, and operations teams across the Product Lines
• Develops and maintains training curricula to ensure the Security Champions are kept up to date with all current and emerging technologies applicable to Gap
• Manages application penetration testing, code scanning, and remediation capabilities in collaboration with all Product Lines
• Advances application scanning and testing integration with CI/CD pipelines to minimize security defects and improve overall Product quality
• Partners with Product Management and Technical Project Leadership using a consultative approach to adapt security approaches to changing business strategies and priorities
• Thinks and acts strategically, staying in touch with emerging trends and advances in IT/security solutions to ensure Product Security approach and tools is always relevant
• Provides thought leadership with strong communication and active collaboration, across cross-functional teams and business partners
• Partners with Security Strategy & Governance to build and maintain a security controls framework that is current and applied across all technology environments
• Develops external partnerships with vendors and outside entities as appropriate
• Takes ownership of key initiatives, coordinating strategies with other members of Information Security and GapTech to maximize success
• Presents business updates, recommendations, and opportunities to senior business and technology leadership
• Hires and develops outstanding Information Security talent
Who you are
• Minimum 10 years of experience in information security leadership and management, 5 years minimum experience managing and developing teams, and 3 years minimum experience within dev/ops environments
• Demonstrated ability to build and successfully execute delivery plans leveraging cross-functional resources with varying levels of ability
• Working knowledge of relevant information security laws, regulatory standards, generally accepted information security principles, and accepted industry best practices
• Experience working in a risk based environment including mitigation, planning and implementation
• Operational flexibility in modifying business and operating practices to adapt to a changing environment
• Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures
• Leadership characteristics as shown by a history of inspiring and motivating people to a common purpose at all levels within a company
• Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships
• Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
• Proven success working across organizational and geographic boundaries
• Contract and vendor negotiation experience
• Experience with budget forecasting and overall financial management
• Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001
• Bachelor’s degree in Computer Science, Information Technology or a related discipline
Benefits at Gap Inc.
- Merchandise discount for our brands: 50% off regular-priced merchandise at Gap, Banana Republic and Old Navy, 30% off at Outlet and 25% off at Athleta for all employees.
- One of the most competitive Paid Time Off plans in the industry.*
- Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
- Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
- Employee stock purchase plan.*
- Medical, dental, vision and life insurance.*
- See more of the benefits we offer.
*For eligible employees
Gap Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status. In 2016, Gap Inc. was named one of the Best Places to Work by the Human Rights Campaign for the thirteeth consecutive year and was the sole winner of the Catalyst award for equality in the workplace in 2016.