Director of Cyber Defense Center
GapTech Information Security is the global information security function for Gap Inc., inclusive of, and across, all Gap Inc. brands. The Director of CDC will be responsible for the management and oversight of our Incident Response, Threat Intelligence, Red/Penetration Testing, and Forensics capabilities. This leader will also be responsible for the definition and execution of an evergreen strategy to continually push the limits of our platforms from a reactive to a predictive threat response capability. This leader also has a critical role within the Cyber Security and Incident Response Team (CSIRT), coordinating all incident response activities across GapTech and working with the larger Business Continuity and/or Data Breach Response team during any suspected or actual data breach or information security event.
- Lead the response to cyber security threats and incidents, including the collection, analysis, and preservation of digital evidence
- Collaborate with Corporate and Business Unit stakeholders and direct computer incident response and forensics program operations, including managing both internal and external technical resources
- Develop and implement people, processes, and technologies to combat the range of threat actors targeting the organization and industry.
- Work on key operational decisions regarding cyber-attacks and threats, including spam and phishing, malware, criminal organizations, and advanced persistent threats
- Conduct research on current and developing cyber threats to the organization’s relevant industries and adjust the threat management program accordingly
- Ensure that all incidents are recorded and tracked to meet audit, compliance and legal requirements
- Conduct root cause analysis to identify gaps and make recommendations that ultimately remediate risks.
- Provide expertise and knowledge of current industry trends in technology and cyber security risk standards to improve the security posture across the firm
- Ability and willingness to mentor and serve as a management and technical escalation point for the CDC
- Direct the day-to-day activities of the Network Security team to help envision/enable future network security direction and goals.
- Provide thought leadership using business communications, active collaboration, and leading cross-functional groups to deliver network security goals.
- Direct staff and manage their personal and technical development.
- Develop external partnerships with vendors and outside entities as appropriate.
- Present business updates, recommendations, strategic opportunities and assessments to leadership and senior management as needed.
- Hire and develop outstanding Information Security talent.
- Direct network security operational strategies by analyzing trends; preparing critical security measurements; implementing production, productivity, quality, and customer-service strategies.
- Implement CDC strategies by anticipating requirements, trends, and variances; developing action plans; measuring and analyzing results; initiating corrective actions; minimizing the impact of variances.
- Plan/implement tools and capabilities by evaluating prevention, deterrent, detection, alert, profiling; identifying risks, weaknesses, and suspicious activities; developing safeguard policies, procedures, and controls; adhering to industry standards.
- Prepare security reports by collecting, analyzing, and summarizing data and trends.
- Understand emerging best practices and standards; participate in educational opportunities; maintain a professional network of peers; participate in professional organizations.
- Subject matter expertise in security incident response and the analysis of security events from multiple sources, including but not limited to events from security information monitoring tools, network- and host-based intrusion detection systems, firewall logs, system logs (UNIX and Windows), mainframes, mid-range systems, applications, and databases
- In-depth knowledge and understanding of the security landscape and its business context and impact
- Exceptional written and verbal communication skills, including the ability to communicate technical and security related concepts to a broad range of technical and non-technical staff and management
- Demonstrated ability to build and execute complex security plans and strategies.
- Experience working with information security laws and standards, generally accepted information security principles, and accepted industry best practices.
- Experience working in a risk-based environment including mitigation planning and implementation.
- Operational flexibility in modifying business and operating practices to adapt to a changing environment.
- Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures.
- Leadership characteristics as shown by a history of inspiring and motivating people to a common purpose at all levels within a company.
- Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships.
- Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences.
- Proven success working across organizational and geographic boundaries.
- Contract and vendor negotiation experience.
- Preferred certifications: CISSP, CISM, SANS GIAC Certified Incident Handler/Intrusion Analyst
Minimum Education Level
- Bachelor’s degree in Computer Science, Information Technology or a related technical discipline
- Minimum 7-10 years in an Information Security field, with at least five in the focus of Incident/Threat Response