Director Infrastructure Services - Technology and Security Enablement

Address: USA-NC-Salisbury-2110 Executive Drive
Store Code: ADUSA Executive Administration (5158973)

Ahold Delhaize USA, a division of global food retailer Ahold Delhaize, is part of the U.S. family of brands, which includes five leading omnichannel grocery brands - Food Lion, Giant Food, The GIANT Company, Hannaford and Stop & Shop. Our associates support the brands with a wide range of services, including Finance, Legal, Sustainability, Commercial, Digital and E-commerce, Technology and more.

Primary Purpose:

The Director Infra Delivery - Technology and Security Enablement is responsible for defining and assessing ADUSA's security implementation and assurance practices. This role involves translating business objectives, security policies, and risk management strategies into specific security processes that are enabled by various technologies and services. This critical role works closely with the global security organization and CISO to manage and direct all IT activities related to security services, ensuring that business needs are met and operations run smoothly.

• Develops and maintains security processes and governance aligned with business, tech, and threat drivers.
• Creates security strategy roadmaps for cloud and on-premises infrastructures.
• Maintains security architecture artifacts, including models, templates, standards, and procedures.
• Establishes baseline security configuration standards for systems, including OS hardening, network segmentation, and identity and access management (IAM).
• Stays updated on the latest security technologies, trends, and best practices.

• Ensure enforcement of ADUSA's security policies, procedures, and practices.
• Represent ADUSA interests in AD Group cybersecurity operations, incident response, threat detection, and vulnerability management.
• Conducts risk assessments, security audits, and manage remediation efforts for vulnerabilities.
• Collaborates with AD Group Security to evaluate and deploy advanced cybersecurity tools and technologies.
• Establishes metrics and reporting frameworks to assess security program efficiency and effectiveness.
• Works with architecture, IT, and business teams to securely design and implement systems and networks.
• Delivers regular risk and program performance updates to executive leadership.
• Integrates security into projects and programs, vendor processes, and customer experiences with technology and operations teams.
• Manages third-party vendors and ensure adherence to regulatory standards (e.g., GDPR, HIPAA, PCI-DSS, ISO 27001, NIST).
• Implements ITIL-based processes to enhance application, infrastructure, and security delivery quality.
• Addresses issues with stakeholders to meet service level agreements (SLAs).

• Monitors developments and shifts in the digital business and threat landscape to ensure they are effectively addressed within security strategy plans and architectural frameworks.
• Examines IT infrastructure and reference architectures to identify security best practices and recommends updates to enhance safety and minimize risks where necessary.
• Validates security configurations and access permissions for tools such as firewalls, IPSs, WAFs, and anti-malware/endpoint protection systems.
• Collaborates with DevOps teams to promote secure coding practices and escalates any concerns regarding inadequate coding to the CISO.
• Works closely with the privacy office to document the flow of sensitive organizational data (e.g., PII or ePHI) and suggests controls like encryption or tokenization to secure this information.
• Reviews network segmentation within platform architecture and infrastructure, ensuring that network access adheres to the principle of least privilege.
• Assists in testing and validating internal security controls as directed by the CISO or internal audit team.
• Evaluates security technologies, tools, and services, offering recommendations to the broader security team based on metrics such as security effectiveness, operational efficiency, and financial feasibility.

• Provides security-planning advice for application and infra projects.
• Works with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those handling intellectual property (IP) and regulated or protected data.
• Evaluates statements of work (SOWs) to ensure adequate security protections.
• Coordinates with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems.
• Collaborates with the business continuity management (BCM) team to validate security practices during BCM testing and failover operations.

• 15 or more years of equivalent experience in relevant job or field of technology
• 5 or more years of equivalent experience in an advanced role or technical capacity, directly responsible for building high performing teams and scalable best practices to meet outcomes
• Strong communication and leadership skills with experience influencing departmental and senior business stakeholders.
• Bachelor's or master's degree in computer science, Information Systems, or a related field
• Experience in using architecture methodologies such as TOGAF.
• Direct, hands-on experience or a strong working knowledge of vulnerability management tools.
• Proficiency in performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies
• Ability to plan, prioritize and drive issues, tasks, and deliverables from concept to closure

• MSc Computer Science/Information Management, Post graduate degree is preferred.
• Designed and implemented a Zero Trust security architecture
• 17+ years of relevant work experience; 5+ years leading teams and/or projects
• Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
• Full-stack knowledge of IT infrastructure:
  • Applications and Databases
  • Operating systems - Windows, Unix and Linux
  • Hypervisors
  • IP networks - WAN and LAN
  • Storage networks - Fibre Channel, iSCSI and NAS
  • Backup networks and media
  • Containers/Kubernetes
• Direct experience designing IAM technologies and services:
  • Active Directory, Lightweight Directory Access Protocol (LDAP)
  • Azure AD/MS, IBM ISAM/ITAM