Information Security Engineer at Gymboree
Posted in General Business 30+ days ago.
This job brought to you by eQuest
Location: San Francisco, California
Gymboree Group, Inc. is a portfolio of children's brands operating specialty retail stores with high-quality clothes and accessories. Our family of brands includes Gymboree, Janie and Jack, and Crazy 8. Since our start in 1976, we have grown from offering mom-and-baby classes in the San Francisco Bay Area to currently operating hundreds of retail stores throughout the United States, Canada, and Puerto Rico, along with franchises around the world. We believe that respect for the customer, respect for the brand, and respect for each other are at the core of everything we do.
As Gymboree continues to mature the information security program, we recognize the value of a formal information security engineering and architecture process as one of the key enablers of such a program. It is the planning process that provides the models, templates and principles that are used to design, implement and operate information security solutions. It enables consistency, leverage and reuse to satisfy the business requirements for security services in an optimum manner. The Information Security Engineer contributes to the operational and project activities using industry standard best practices, regulatory guidelines, and corporate policy.
- Work closely with engineers and architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
- Develop the business, information and technical artifacts that constitute the enterprise information security architecture and solutions.
- Serve as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
- Research, evaluate, recommend, and develop secure solutions, based on approved security architectures. Analyze business impact and exposure, based on emerging security threats, vulnerabilities and risks.
- Deploy and maintain Gymboree’s security infrastructure solutions.
- Assist security administrators and IT staff in the resolution of reported security incidents.
- Participate in security investigations and compliance reviews, as requested by internal or external auditors.
- Bachelor's degree in Information Systems or other related field; or equivalent work experience
- 7 to 10 years of combined IT and security work experience, with a broad exposure to infrastructure/network and multiplatform environments
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired
- Experience with solutioning for PCI DSS and SOX GCC compliance
- Understanding of Retail industry and applications
- Experience with securing cloud (PaaS, IaaS, SaaS, AaaS) and Data Center environments
- Expert knowledge of security issues, techniques and implications across all existing computer platforms
- Experience in integrating solutions between cloud and data center environments
- Experience with mainstream operating systems like Unix, Linux, Windows and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools
- Ability to work well under minimal supervision
- Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel
- Demonstrable written and verbal communication skills
Gymboree Group, Inc. is unable to provide relocation assistance for this position. Principals Only. EOE. No phone calls please.