Manager, Information Security

Explore the possibilities across our global house of brands.

Defined by inclusivity rather than exclusivity, Tapestry embraces the exploration of individuality and invests in helping you grow personally and professionally. Every individual in our global house has the opportunity to make an impact, learn and be part of our growing and unique story.

At Tapestry, we have the freedom to express ourselves and run with our best ideas across Coach, Kate Spade New York, and Stuart Weitzman. We share a profound belief in both our individual and collective potential, and know that with hard work and dedication, anything is possible.

Primary Purpose:  The Manager, Information Security will play an integral part in the development, implementation, and compliance of Information Security across the global enterprise. The individual must be a motivated team player with a positive attitude, solid interpersonal skills and immediately take ownership within their area. The individual must be hands-on, work under minimal supervision and have the ability to work in a fast-paced small-team environment.

Key Responsibilities

• Act as the InfoSec SME for Infrastructure, Applications and Business initiatives
• Coordinate with IT and business partners to assess, implement, and monitor IT-related security risks
• Develop and implement security standards, procedures, and guidelines for multiple platforms and diverse environments
• Manage global Vulnerability Management Program:

• Conduct periodic vulnerability & application security assessments
• Review reports with responsible parties and work with them to develop remediation plan
• Coordinate directly with all necessary individuals/groups to ensure timely closure on findings
• Manage internal tools and external parties conducting assessments

• Manage Firewall Auditing Program:
  • Implement capabilities that detect/report on changes to network infrastructure.
  • Perform periodic reviews of internal and perimeter defenses (Firewalls, Web Proxies, SSL Decryption Solutions) ensuring features are efficiently and properly configured and device configurations meet Corporate Policy and security best practices.
  • Proactively identify issues and recommend configuration settings, security features or third party solutions to mitigate or improve security deficiencies in the IT infrastructure.
  • Work with the firewall and network engineer teams to resolve security related configuration issues.
• Manage Privileged Access Management Program:
  • Experience in integrating Privileged Access Management (PAM) with Identity and Access Management (IAM)
  • Addressing all PAM operational issues and ensuring stability of environment.
• Assess technical plans, evaluate technology issues, and work with both IT & business partners to set and communicate directions from an InfoSec perspective
• Ensure technology and business initiatives are in compliance with InfoSec policies, guidelines & standards
• Work closely with the Project Management, Enterprise Architecture and Vendor Management teams in providing timely security reviews & assessments to potential technologies being considered by the company
• Analyze/review information on current & emerging cyber threats and proactively communicate them to  applicable IT teams
• Work closely with the Forensics & Incident Response team to proactively lead/manage the InfoSec Incident Response Plan
• Develop security metrics and regularly develop meaningful reports for management review
• Ensure there are no repeat IS security related findings from regulatory and 3rd party exams 
• Maintain and advance industry expertise by reviewing new technologies; and participating in continuing education and training (for example, relevant industry certifications, forums).
• Support security assessments, audits, compliance initiatives, and remediation activities

Required Professional Skills

• BA/BS in Computer Science or equivalent
• Minimum 5 years of InfoSec experience
• Extensive knowledge and a proven record of success in managing InfoSec projects end-to-end
• Excellent organizational skills and strong attention to detail
• Strong analytical and problem-solving skills
• Ability to produce high-quality deliverables, reports, and presentations for IT team members & senior management
• Ability to manage multiple activities and competing priorities in a rapidly growing, fast-paced interactive, results-based team environment
• Ability to confidentially discuss and provide guidance on InfoSec in areas such as vulnerability assessment, penetration testing, identity and access management, web application security, secure network architecture, authentication, encryption data protection and internet networking in general (i.e. TCP/IP, DNS, routing, etc.)
• Formal certification in Information Security Management preferred (CISSP or equivalent)
• Experience working in Retail Industry is a plus

Required Technical Skills

• At least 5 years of practical InfoSec experience with hands-on knowledge in security technologies such as firewalls, VPN, IPS/IDS, content filters, Wireless Controllers, AV, SEIM, vulnerability assessment & application security tools and similar
• In-depth understanding of Vulnerability Management, Firewall Auditing & PAM
• Expert-level knowledge of leading vulnerability scanning tools (Rapid 7 Nexpose & InsightVM, Nessus, Metasploit, Burp, etc.)
• Familiar with Enterprise Firewall management tools such as Firemon, Tufin, AlgoSec.
• Strong knowledge & hands-on experience with PAM tools like CA, CyberArk, BeyondTrust.
• Strong understanding of RBAC, SAML, AD, LDAP, account lifecycle management, and other IAM tenets
• Strong experience with user provisioning and self-service; account creation and management; entitlement review and certification; entitlement management; enterprise directory architecture and design; role-based access control; single sign-on; identity federation; privileged user access management; multifactor authentication; public-key infrastructure
• Ability to interpret application security assessment reports & explain them to application partners
• Advanced security auditing experience including firewalls, VPNs, and network device configuration and security assessment.
• Strong understanding of Operating System/host (Windows, Unix, Linux, AIX, MAC OS, etc.)

Our Competencies for All Employees

• Drive for Results: Can be counted on to exceed goals successfully; is constantly and consistently one of the top performers; very bottom-line oriented; steadfastly pushes self and others for results.
• Customer Focus: Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.
• Creativity: Comes up with a lot of new and unique ideas; easily makes connections among previously unrelated notions; tends to be seen as original and value-added in brainstorming settings.
• Interpersonal Savvy: Relates well to all kinds of people, up, down, and sideways, inside and outside the organization; builds appropriate rapport; builds constructive and effective relationships; uses diplomacy and tact; can diffuse even high-tension situations comfortably.
• Learning on the Fly: Learns quickly when facing new problems; a relentless and versatile learner; open to change; analyzes both successes and failures for clues to improvement; experiments and will try anything to find solutions; enjoys the challenge of unfamiliar tasks; quickly grasps the essence and the underlying structure of anything.
• Perseverance: Pursues everything with energy, drive, and a need to finish; seldom gives up before finishing, especially in the face of resistance or setbacks.
• Dealing with Ambiguity: Can effectively cope with change; can shift gears comfortably; can decide and act without having the total picture; isn’t upset when things are up in the air; doesn’t have to finish things before moving on; can comfortably handle risk and uncertainty.

Our Competencies for All People Managers

• Strategic Agility: Sees ahead clearly; can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately paint credible pictures and visions of possibilities and likelihoods; can create competitive and breakthrough strategies and plans.
• Building Effective Teams: Blends people into teams when needed; creates strong morale and spirit in their team; shares wins and successes; fosters open dialogue; lets people finish and be responsible for their work; defines success in terms of the whole team; creates a feeling of belonging in the team.
• Managerial Courage: Doesn’t hold back anything that needs to be said; provides current, direct, complete, and “actionable” positive and corrective feedback to others; lets people know where they stand; faces up to people problems on any person or situation (not including direct reports) quickly and directly; is not afraid to take negative action when necessary.

Tapestry, Inc. is an equal opportunity and affirmative action employer and we pride ourselves on hiring and developing the best people. All employment decisions (including recruitment, hiring, promotion, compensation, transfer, training, discipline and termination) are based on the applicant’s or employee’s qualifications as they relate to the requirements of the position under consideration. These decisions are made without regard to age, sex, sexual orientation, gender identity, genetic characteristics, race, color, creed, religion, ethnicity, national origin, alienage, citizenship, disability, marital status, military status, pregnancy, or any other legally-recognized protected basis prohibited by applicable law. #LI-KS1 Visit Tapestry, Inc. at http://www.tapestry.com/