Posted on: October 22, 2019 | Job#: 302863

Director - Security Operations

Full-time | One Harrison Street, San Francisco, CA, US 94105

Apply

We’ll send you to our application portal to get started

About Gap Inc.

Our past is full of iconic moments — but our future is going to spark many more. Our brands — Gap, Banana Republic, Old Navy, Athleta, INTERMIX and Hill City — have dressed people from all walks of life and all kinds of families, all over the world, for every occasion for more than 50 years.

But we’re more than the clothes that we make. We know that business can and should be a force for good, and it’s why we work hard to make product that makes people feel good, inside and out. It’s why we’re committed to giving back to the communities where we live and work. If you're one of the super-talented who thrive on change, aren't afraid to take risks and love to make a difference, come grow with us. 

About the role

GapTech Information Security is the global information security function for Gap Inc. inclusive of, and across, all Gap Inc. brands. The Director of CDC will be responsible for the management and oversight of our Incident Response, Threat Intelligence, Red/Penetration Testing, and Forensics capabilities. This leader will also be responsible for the definition and execution of an evergreen strategy to increasing push the limits of our platforms from a reactive to a predictive threat response capability. This leader also has a critical role within the Cyber Security and Incident Response Team (CSIRT), coordinating all incident response activities across GapTech and working with the larger Business Continuity and/or Data Breach Response team during any suspected or actual data breach or information security event.

What you'll do

  • Lead the response to Cyber Security threats and incidents for the collection, analysis, and preservation of digital evidence
  • Collaborates with Corporate and Business Unit stakeholders and directs computer incident response and forensics program operation including managing both internal and external technical resources
  • Develop and implement people, processes, and technologies to combat the range of threat actors targeting the organization and industry.
  • Works on key operational decisions regarding cyber-attacks and threats, including spam and phishing, malware, criminal organizations, and advanced persistent threats
  • Conduct research on current and developing cyber threats to the organization’s relevant industries and adjust the threat management program accordingly
  • Ensure that all incidents are recorded and tracked to meet audit, compliance and legal requirements
  • Conduct root cause analysis to identify gaps and recommendations ultimately remediating risks.
  • Provide expertise and knowledge of current industry trends in technology and cyber security risk standards to improve the security posture across the firm
  • Ability and willingness to mentor and serve as a management and technical escalation point for the CDC
  • Direct the day-to-day activities of the Network Security team to help envision/enable future network security direction and goals.
  • Provide thought leadership using business communications, active collaboration, and leading cross-functional groups to deliver network security goals.
  • Direct staff and manages personal and technical development.
  • Develop external partnerships with vendors and outside entities as appropriate.
  • Present business updates, recommendations, strategic opportunities and assessments to leadership and senior management as needed.
  • Hire and develops outstanding Information Security talent.
  • Direct network security operational strategies by analyzing trends; preparing critical security measurements; implementing production, productivity, quality, and customer-service strategies.

Who you are

  • Subject Matter Expertise in the area of security incident response and analysis of security events from multiple sources, including but not limited to events from Security Information Monitoring tools, network and host based intrusion detection systems, firewall logs, system logs (UNIX and Windows), mainframes, mid-range, applications, and databases
  • In-depth knowledge and understanding of the security landscape and its business context and impact
  • Exceptional written and verbal communication skills, including the ability to communicate technical and security related concepts to a broad range of technical and non-technical staff and management
  • Demonstrated ability to build and execute complex security plans and strategies.
  • Experience working with information security laws and standards, generally accepted information security principles, and accepted industry best practices.
  • Experience working in a risk-based environment including mitigation planning and implementation.
  • Operational flexibility in modifying business and operating practices to adapt to a changing environment.
  • Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures.
  • Leadership characteristics as shown by a history of inspiring and motivating people to a common purpose at all levels within a company.
  • Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships.
  • Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences.
  • Proven success working across organizational and geographic boundaries.
  • Contract and vendor negotiation experience.
  • Preferred Certifications - CISSP, CISM, SANS GIAC Certified Incident Handler/Intrusion Analyst
  • Bachelor’s degree in Computer Science, Information Technology or a related technical discipline
  • Minimum 7-10 years in an Information Security field, with at least five in the focus of Incident/Threat Response

Benefits at Gap Inc.

  • Merchandise discount for our brands: 50% off regular-priced merchandise at Gap, Banana Republic and Old Navy, 30% off at Outlet and 25% off at Athleta for all employees.
  • One of the most competitive Paid Time Off plans in the industry.*
  • Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
  • Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
  • Employee stock purchase plan.*
  • Medical, dental, vision and life insurance.*
  • See more of the benefits we offer.

*For eligible employees

Gap Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status. We have received numerous awards for our long-held commitment to equality and will continue to foster a diverse and inclusive environment of belonging. This year, we’ve been named as one of the Best Places to Work by the Humans Rights Campaign for the fourteenth consecutive year and have been included in the 2019 Bloomberg Gender-Equality Index for the second year in a row.

Apply

We’ll send you to our application portal to get started

Browse all jobs

Recently Viewed