About Gap Inc.
Our past is full of iconic moments — but our future is going to spark many more. Our brands — Gap, Banana Republic, Old Navy, Athleta, INTERMIX and Hill City — have dressed people from all walks of life and all kinds of families, all over the world, for every occasion for more than 50 years.
But we’re more than the clothes that we make. We know that business can and should be a force for good, and it’s why we work hard to make product that makes people feel good, inside and out. It’s why we’re committed to giving back to the communities where we live and work. If you're one of the super-talented who thrive on change, aren't afraid to take risks and love to make a difference, come grow with us.
About the role
GapTech Information Security (InfoSec) is the global cybersecurity division of Gap Inc. inclusive of, and across, all our brands. As the Information Security Risk Manager, you will be responsible for leading, articulating and tracking actions related to developing and driving the implementation of security risk management plans, ensuring effective risk management practices, and engaging with internal and external business partners on information security matters to achieve overall business objectives. We are looking for a detail-oriented Manager with strong collaboration and influencing skills to evaluate security risks and compliance obligations, recommend mitigation strategies to protect the confidentiality, integrity and availability of Gap Inc.’s information systems and data, and monitor risks to remediation. This role is critical in helping business partners and technical teams understand the risks inherent in their activities, impact of their risk-taking actions on the company, and opportunities to reduce or avoid risks altogether.
What you'll do
- Define and implement Information Security Risk Management Framework based on industry
cybersecurity frameworks & standards, such as NIST, COBIT, CIS Critical Security Controls, ISO 27001, to quantitively assess and manage security risks at Gap Inc.
- Enhance and manage InfoSec risk management processes; including risk identification, assessment, monitoring, remediation, and acceptance
- Collaborate with teams within and outside of Information Security to assess, monitor, and reduce security risk across Gap Inc.’s environment
- Partner with IT Compliance to ensure internal and external business partners are in compliance with security standards and regulations such as PCI DSS, GDPR, ISO 27001/27002, NIST, CIS, etc.
- Manage collection and reporting of relevant Information Security risk metrics to leadership
- Perform vendor risk reviews of third party products and services used by Gap Inc.
- Collaborate with Legal, Privacy, and Sourcing teams to assess third party / vendor risks
Who you are
- Bachelor’s degree in Computer Science, Information Technology or a related technical discipline
- 5+ years of relevant business experience in Information Security, Risk Management and Compliance
- Strong understanding of information security laws, regulations and standards (e.g. NIST, ISO 27001/27002, PCI DSS, GDPR, SSAE 16, CIS Critical Security Controls, COBIT, COSO) and accepted information security principles and best practices
- Experience working in a risk-based environment including risk identification, measurement, mitigation, monitoring, and reporting
- Experience in third party risk management / vendor management
- Operational flexibility in modifying business and operating practices to adapt to a changing environment
- Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
- Preferred Certifications - CISSP, CISA, CISM
Benefits at Gap Inc.
- Merchandise discount for our brands: 50% off regular-priced merchandise at Gap, Banana Republic and Old Navy, 30% off at Outlet and 25% off at Athleta for all employees.
- One of the most competitive Paid Time Off plans in the industry.*
- Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
- Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
- Employee stock purchase plan.*
- Medical, dental, vision and life insurance.*
- See more of the benefits we offer.
*For eligible employees
Gap Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status. In 2016, Gap Inc. was named one of the Best Places to Work by the Human Rights Campaign for the thirteeth consecutive year and was the sole winner of the Catalyst award for equality in the workplace in 2016.
Browse all jobs