This position reports to the Senior Manager of Global Information Security. This position is responsible for the continuous operation of the Global Information Security Operations Center and Threat and Vulnerability Management group. This individual and staff are responsible for providing continuous monitoring of Office Depot's global computing environment, ensuring the integrity of the environment. They are responsible for securing our environment and monitoring it for attempts to breach its security. The work of this group includes managing the various scanning tools, assessing and analyzing the data collected from those tools, as well as tracking and reporting on suspicious activity. Additionally, they are responsible for leading penetration tests, ethical hacking, and red team exercises. This position is responsible for detecting intrusions and leading our response to any intrusion.
Primary Responsibilities:
- Manage, implement and monitor a strategic, comprehensive enterprise-wide information security monitoring and operation program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
- Design, develop and recommend security standards and implement them.
- Manage information security activities related to the protection of PCI and PII information. Ensure that Office Depot follows all applicable regulatory and compliance directives and policies regarding securing and monitoring of PCI and other sensitive information.
- Provide input into information security budgets and participate in contract negotiations.
- Assist with security roadmap design and vendor selection.
- Work directly with the business units to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities regarding information classification and protection. Provide subject matter expertise to executive management on a broad range of information security standards and best practices.
- Provide strategic and tactical security guidance for key IT projects, including the evaluation and recommendation of technical controls.
- Liaise with the Information Security Architecture & Engineering team and the Information Security Information Assurance team.
- Liaise between the information security team and corporate compliance, audit, legal, Security/Safety and HR management teams as required.
- Create and facilitate the information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings and management of outside assessors.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, fixed assets, and the company's reputation.
- Coordinate the use of external resources involved in the information security program, inclu