Holt Renfrew offers you an inspiring, fashion-driven environment with opportunities to learn and grow. From our incredible partnerships with iconic luxury brands, to our commitments to corporate social responsibility, you will be inspired every day.
As Canada’s leading luxury retailer, our purpose at Holt Renfrew is to Inspire a Life of Style and this inspiration starts with you! Together, we drive Passion, Warmth, Excellence, and Unity, to deliver extraordinary experiences and build lasting relationships with our customers and each other.
A job at Holt Renfrew offers competitive total compensation, a generous employee discount, pension, health & dental benefits, tuition assistance, and continuous learning and development.
Senior Manager, Information & Data Security
Key Responsibilities include:
- Lead the development and execution of the company’s information & data security strategy
- Ensure the company’s IT systems and data are secure by design and protected from cyberattacks and data loss. Ensure processes and procedures are in place to guide the company’s actions should an attack or loss take place
- Drive organizational awareness about Information and Data security
- Implement information and data security awareness training in collaboration with our Privacy office and IT management.
- Act as a key contributor to the information and data security audit initiatives and work with all business teams / stakeholders to remediate gaps and vulnerabilities
- Responsible for the review, update and implementation of information and data security policies and procedures, including technical security standards
- Provide input and guidance in terms of security oversight for IT systems design and implementation to ensure appropriate and effective security controls are included
- Assess, recommend and coordinate the implementation of technical controls, hardware and software to support and enforce defined security policies
- Inform the Information & Data Security Management Framework, including identifying and mitigating risks
- Act as a key contributor to the implementation of the company’s Information & Data Security Program and roadmap, including leading related initiatives and projects in partnership with IT / business teams
- Develop metrics and scorecards that measure operational and program KPIs
- Work closely with outsourced and third-party security service providers to ensure alignment of the appropriate policies and procedures
- Provide expert guidance to the organization regarding all information and data security matters
- Support the escalation point of contact for all information and data security incidents and threats
- Manage day-to-day activities of threat and vulnerability management, identify risks, tolerances, recommend treatment plans and communicate information about residual risk
- Work with stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation
- Prepare management reports and inform executive updates
Requirements and Experience
- Degree in Computer Science, Management Information Systems, or a related technical field.
- 10+ years of combined experience in security risk and compliance management, assessment, auditing, research and/or consulting
- 5-7 years of hands-on experience on critical infrastructure processes that include Firewall, Email Security, IDS/IPS, Web filter, application filter, Security Incident and Event Management systems, Anti-Virus, Data Loss Prevention, Cloud, Network & Infrastructure security.
- Experience leading cross-functional/interdisciplinary teams
- Active Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or equivalent industry certifications
- Experience with assessing and addressing regulatory compliance and data privacy requirements (GDPR, PIPEDA, PCI DSS, etc.)
- Experience developing and implementing information security strategies, programs, policies and standards
- Demonstrated ability to perform security risk and compliance assessments in fast-paced, retail business and technology environments
- In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls
- Excellent verbal, written and interpersonal communication skills. Ability to communicate effectively with and positively influence the IT organization, management, employees, suppliers and all internal and external stakeholders