Job Details

Lead, Information Security Governance


Date Opened: 11/09/2023

Job Number: 230004DN

Job Description

Who We Are:
Saks Cloud Services (SCS) is an operating company within Saks, the premier digital platform for luxury fashion. SCS provides IT infrastructure services, technology consulting and systems integration services, while also serving as a software reseller and service provider.

Role Description:
Saks Cloud Services is looking for an Information Security Governance Lead to be a key member of the Saks Cloud Services Information Security organization. We seek a dynamic Information Security Governance Lead who enjoys working on security challenges in a collaborative fashion. This person will be a contributor to the Information Security Governance team, focusing on ITGC SOX audits, PCI-DSS, Third Party Risk Assessments, and other GRC areas.
The Information Security Governance Lead will be responsible for gathering, organizing, reviewing, and submitting control evidence to internal and external auditors, under the direction of the GRC leadership. The Information Security Governance Lead will work closely with IT, Finance, Internal and External Audit, and Human Resources. The Information Security Governance Lead should have excellent communication skills and effectively communicate risks and status to all control owners. The Information Security Governance Lead is an individual contributor role.

Responsibilities:
Responsible for creating and rolling out updated Information Security policies and standards.
Responsible for aligning security requirements with business objectives and understanding applicable alignment with security and risk compliance frameworks.
Support and manage the enterprise information security controls framework, and work with global stakeholders on corresponding policies, procedures, and standards (ISO27001).
Following direction from the GRC leadership team, support the Payment Card Industry (PCI-DSS) compliance program, including technical controls implementation, gap identification, and liaising with PCI QSA auditors.
Serve as a cross-functional project lead in support of PCI compliance objectives and ensure internal teams are prepared for assessments, deliverables, and due dates needed to meet annual compliance requirements.
Following direction from the GRC leadership team, support the ITGC SOX program.
Perform IT SOX reviews and test ITGC controls.
Gather and submit control evidence to internal and external auditors.
Review control evidence for accuracy, completeness, and precision of control execution for all ITGCs.
Review test findings, perform root-cause and impact analyses for control deficiencies, and develop remediation action plans that improve the control environment.
Collaborate and build long-term relationships with key stakeholders in a fast-paced and matrixed work environment.
Provide status reporting for IT SOX deliverables and meet prescribed deadlines.
Provide training to stakeholders so that they can address the concerns of our IT audit partners and Internal Audit.
Understand Data Privacy regulations (e.g., those covering PII, Personally Identifiable Information) and implement solutions to meet those regulations.
Develop necessary capabilities, standards, and services, in partnership with Marketing, Product, and Technology departments, to protect sensitive information effectively.
Engage with business units to identify risks and track the implementation of risk mitigation plans.
Assess risk management tools, techniques, and procedures to enhance risk management capabilities throughout the enterprise.
Support the development of metrics for the Information Security risk management reporting dashboard, including the status of security governance, risk remediation, and audit compliance efforts.
Assist in the implementation of governance and risk management solutions to automate processes and workflows.
Represent the information security program during contract negotiations.
Participate in and support Third-Party Risk Assessment activities for prospective and existing vendors.
Provide input and direction into the development and maintenance of the Disaster Recovery and Business Continuity Plans.

Qualifications:
Expertise in Information Security Governance, Risk and Compliance is required.
Expertise in the Payment Card Industry Data Security Standard (PCI-DSS) is required.
Experience with information security controls frameworks (NIST 800-53, ISO27001, PCI-DSS).
Experience with ITGC SOX, audits, evidence testing and submission is required.
Data privacy and protection experience is highly preferred (GDPR, CCPA/CPRA).
Experience executing, and familiarity with, information security risk assessment methodologies.
Experienced in assessing security risks in modern cloud Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) technologies.
Experienced with evaluating and validating controls across the full technology stack: application, operating system, database, and networking layers.
Expertise in technical and business environments, familiarity with security standards, and experience with business continuity, disaster recovery, auditing, risk management, vulnerability assessments, cyber-security and incident management.
Ability to work closely with people at all levels of the organization and facilitate the implementation of corrective action as needed.
Ability to analyze, communicate and articulate risk, governance, and compliance trends and program requirements.
Excellent written and verbal communication, critical thinking skills, effective interpersonal skills, and strong formal presentation abilities.
Minimum of 6 years of experience in an Information Security Governance, Risk and Compliance role, preferably in the retail sector.
CISSP or CISM certification is preferred.
Bachelor's or Master's degree in Computer Science, Information/Cyber Security, and/or Information Systems.

Your Life and Career at Saks Cloud Services:
Be a part of an entrepreneurial team hyper-focused on massive growth.
Convenient and collaborative modern offices in Lower Manhattan with onsite perks.
Benefits package for all eligible full-time employees (including medical, vision and dental).
An amazing employee discount.

Thank you for your interest in Saks Cloud Services. We look forward to reviewing your application.
Saks Cloud Services provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Saks Cloud Services complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Saks Cloud Services welcomes all applicants for this position. Should you be individually selected to participate in an assessment or selection process, accommodations are available upon request in relation to the materials or processes to be used.