Director, Global Risk & Compliance
Who We Are:
HBC is a diversified retailer focused on driving the performance of high-quality stores and their Omni-channel platforms, and unlocking the value of real estate holdings. Founded in 1670, HBC is the longest continually operating company in North America. HBC’s portfolio today includes formats ranging from luxury to premium department stores to off price fashion shopping destinations, with more than 200 locations and 22,000 employees around the world. HBC’s leading businesses across North America include Saks Fifth Avenue, Hudson’s Bay, and Saks OFF 5TH.
A truly global corporate citizen, HBC is committed to responsible business practices to bring about positive change, and we work hard to shape a sustainable future for people and the planet. Our philanthropic initiatives help create healthy families, strong communities, and sport excellence in the cities and countries in which we operate around the world, while striving to create innovative programs and resources that provide flexibility for work-life balance in order to maintain a positive working environment.
What This Position is All About
The Director of Global Risk & Compliance is responsible for implementing and overseeing the integrated Risk & Compliance Programs, which involves socializing Risk Management principles across the company to promote awareness and effective management of IT risks, issues, and opportunities. The Director will partner with cross functional business and technology owners to promote risk-informed decision-making, effective risk mitigation, accountability, and compliance with laws, regulations and policies.
She/he will proactively share knowledge of technology risks and opportunities to improve the efficiency and effectiveness of Information Security and Cyber Resiliency. She/he will partner with business & IT leadership and other key stakeholders to define opportunities and prioritize Information Risk Management requests and projects.
- You have excellent written/verbal communication skills, and communicate, evangelize and promote Information Security at all levels (with both technical and non-technical stakeholders)
- You demonstrate the ability to successfully navigate varying degrees of ambiguity in a fast-paced environment.
- You are a problem solver who is both performance and goal driven, with a continuous drive for improvement.
- 5 to 10 years of Risk & Compliance leadership experience in a demanding and dynamic environment, including experience in establishing strategy and implementation of Risk & Compliance Programs in a Hybrid Cloud model.
- At least 3 years of experience managing teams, with responsibilities including strategic planning and managing project portfolios.
- More than 10 total years of relevant work experience, including consulting and general industry experience.
- An understanding of how business strategy, risk, regulation and technical constraints influence organizational responses to cyber security.
- An understanding of security methodologies, best practices and industry standards, with experience in risk & regulatory frameworks and standards such as NIST 800, ISO 27001, ISF SOGP, PCI-DSS, SOX, GDPR, CCPA and HIPAA.
- Excellent knowledge of cloud technology and information security technologies, such as firewalls, intrusion detection systems (IDS), data leakage protection (DLP), access management, anti-malware, and SIEM technologies.
- A sound understanding of how to model threats & risks as well as the controls necessary to mitigate them, on both an organizational and technical level.
As the Director, Global Risk & Compliance, you will:
- Develop, implement and/or maintain strategic Risk & Compliance Programs, including but not limited to:
  - Issue Management
  - Vendor Risk Management
  - Vulnerability Management
  - PCI Compliance (Level 1 Merchant)
  - IS Training and Awareness
- Lead the implementation of the company’s GRC platform to find efficiencies and automate risk management processes.
- Mature the Information Risk Management Dashboard to better measure and report on the effectiveness of controls focusing on KRI/KPI.
- Partner with Internal Audit to support the company’s IT General Controls governance.
- Conduct ongoing Risk & Compliance assessments and monitoring of processes and procedures to ensure that the company complies with all relevant laws, regulations and policies.
- Partner with the Enterprise Security Architect to maintain the company’s Information Security Policy and Standards.
- Coordinate responses to RFIs and security related questionnaires.
- Manage and mentor a team of 7 on-shore and off-shore Risk & Compliance associates.
How Often You May Travel:
Your Life and Career at HBC:
- Be part of a world-class team; work with an adventurous spirit; think and act like an owner-operator!
- Exposure to rewarding career advancement opportunities from IT to Human Resources, Merchandising to Finance
Thank you for your interest in HBC. We look forward to reviewing your application.
HBC provides equal employment opportunities (EEO) to all employees and applicants for employment.