Sr. Director of Cybersecurity Programs
Tulsa, OK, United States
Nordstrom Sr. Director of Cybersecurity Programs, Seattle, Washington
This is a Hybrid, Seattle or Chicago based opportunity
Who you are …
The Senior Director of Cybersecurity Programs is a strategic role responsible for the overarching management and enhancement of Nordstrom's cybersecurity posture. Reporting directly to the Chief Information Security Officer (CISO), this position is crucial for ensuring the integrity, confidentiality, and availability of Nordstrom's information assets. The successful candidate will lead a comprehensive cybersecurity program that includes direct oversight of Business Information Security Officers across all business units, and manage key cybersecurity programs such as risk management, identity and access management and operational technology.
Strategic Leadership: Develop and implement a comprehensive information security programs strategy in alignment with business objectives.
Team Management: Directly supervise Business Information Security Officers (BISOs) in each business unit, ensuring effective execution of cybersecurity strategies.
Cybersecurity Remediation: Collaborate with technology leaders across business units to prioritize and address cybersecurity vulnerabilities and incidents.
Program Oversight: Manage Business Continuity, Disaster Recovery cybersecurity measures, Identity and Access Management, and Cyber Operational Technology programs.
Collaboration: Work closely with the Senior Director of Security Operations and the Senior Director of Governance, Risk, and Compliance to maintain and enhance Nordstrom's security posture.
Risk Management: Oversee the governance, risk management, and compliance functions, ensuring they are effectively integrated into the cybersecurity strategy.
Stakeholder Engagement: Act as a key liaison between the Cybersecurity and Privacy Organization, business unit leaders, and external partners on matters related to cybersecurity and privacy. Facilitate cyber-related prioritization activities and educate business partners on cybersecurity matters.
A day in the life…
Oversee and define business cybersecurity processes as part of the cybersecurity program.
Ability to identify the security processes and competencies requiring adaptation to the unique risk and compliance profiles of individual business units.
Participation and input on strategic planning and budget requirements for the global cybersecurity program.
Strong communication skills (oral and written) with the ability to communicate with all levels of cybersecurity, compliance, and business within the organization, including preparing communications for senior-level management and the board of directors regarding business cybersecurity activities.
Collaborate on all cybersecurity and privacy efforts at the direction of the CISO.
Create and manage a business unit security and risk management strategy to manage and reduce risk to an acceptable level.
Set the tone, direction and roadmap for major cyber programs such as identity and access management, BC/DR, Cyber operational technology.
Conduct Security Council meetings with the business units to discuss business security posture, metrics, KPIs, risks and key security projects designed to support the business.
Creates the tactical plans, KPIs and metrics for each BISO to ensure alignment and consistency with cybersecurity and reporting requirements.
Establish annual virtual or physical site visits to ensure alignment to Nordstrom Security policies, as well as maintaining a baseline security posture.
Responsible for providing risk management support for a line of business in key risk identification, measurement, monitoring, control and reporting, and the understanding and management of risk through appropriate practices and processes. Accountable for monitoring the risk and control environment and provides effective challenge to internal and external stakeholders to ensure that exposures are kept at acceptable levels.
Provides oversight along with the BISOs on various events and active threats occurring at the business level, as identified by the Security Operations Center (SOC).
Directs teams in the development of risk dashboards and reporting formats in alignment with risk appetite/profile and leads teams in the identification, quantification and aggregation of risks using analytical methodologies.
Reviews, communicates and recommends the development of risk policies and procedures in partnership with senior leaders to ensure appropriateness and adequacy versus industry best practices and regulatory requirements.
Provide first-level evaluation of technology capabilities that may be required at the business level and evaluate potential vendors to fill current technology/resource needs.
Implement and execute a technical growth program to continually develop the skillsets of the BISOs and their respective organizational structure.
Clearly communicate technical concepts to practitioners including senior leaders, Executive Leadership Team, Board of Directors and non-technical stakeholders.
You own this if you have…
Demonstrated success and understanding of accepted frameworks such as ISO/IEC 27001, COBIT, and NIST, including 800-53 and the Cybersecurity Framework.
10 years or more of broad technology or cybersecurity experience, with at least 5 years in a leadership role overseeing cybersecurity programs.
Relevant security certifications are desired (e.g., CISSP, SANS GSEC, CEH, CISM, etc.).
In-depth knowledge of U.S. regulatory compliance requirements and privacy laws, specific to information technology, industrial control systems, and/or connected products.
Experience with risk management of Emerging New Technologies (such as Artificial Intelligence, Machine learning and Cloud).
Strong verbal and written communication skills.
Excellent analytical and technical skills.
Bachelor’s degree in related field; advanced degree in management or a related technical field will be a plus.
Conversational skills in one or more non-native languages. Verbal and written fluency in two or more languages will be a plus.
Experience with communicating and coordinating with external third-party technical and non-technical resources during routine SOC activities as well as active incident response.
Our employees are our most important asset and that’s reflected in our benefits. Nordstrom is proud to offer a variety of benefits to support employees and their families, including:
Medical/Vision, Dental, Retirement and Paid Time Away
Life Insurance and Disability
Merchandise Discount and EAP Resources
A few more important points...
The job posting highlights the most critical responsibilities and requirements of the job. It’s not all-inclusive. There may be additional duties, responsibilities and qualifications for this job.
Nordstrom will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.
Applicants with disabilities who require assistance or accommodation should contact the nearest Nordstrom location, which can be identified at www.nordstrom.com.
Current Nordstrom employees: To apply, log into Workday, click the Careers button and then click Find Jobs.
The pay range(s) below are provided in compliance with state specific laws. Pay ranges may be different in other locations.
Washington: $221,000-$365,000 annually plus applicable cash and equity bonuses.
About Us
We’re a fast-moving fashion company that started as a shoe store in 1901. This heritage of service is the foundation we’re building on as we provide convenience and true connection for our customers. We empower our people to be innovative, creative and focused on providing the best service to our customers. Through it all, we remain committed to leaving the world better than we found it.
Whether you’re a genius engineer, a phenomenal salesperson or a supply chain pro, we invite you to bring your unique talents and join our team. We reward great work, promote from within and celebrate diversity.
CUSTOMER OBSESSED: We strive to know our customers better than anyone else. We listen, anticipate, build trust and move with speed to deliver on their needs.
OWNERS AT HEART: We treat every interaction as an opportunity to make an impact and deliver excellence.
CURIOUS AND EVER CHANGING: We approach problems with curiosity and create solutions. We unlock potential to be bold, think big and inspire innovation.
HERE TO WIN: We’re committed to delivering results, both today and tomorrow. We win as a team by supporting and challenging one another to be better every day.
WE EXTEND OURSELVES: We treat each other with respect and kindness. We do the small things that make a big difference. We create a welcoming environment, helping people feel connected, valued and part of one community.