San Francisco, CA, US
Text size
aA+ aA-
Click here to print

Director, Ecommerce And Retail Security

Country : USA USA

State : California

County : San Francisco County

Town : San Francisco

Category : Sales

Contract type : Permanent

Availability : Full time

Company presentation

Our past is full of iconic moments — but our future is going to spark many more. Our brands — Gap, Banana Republic, Old Navy, Athleta, INTERMIX and Hill City — have dressed people from all walks of life and all kinds of families, all over the world, for every occasion for more than 50 years.

But we’re more than the clothes that we make. We know that business can and should be a force for good, and it’s why we work hard to make product that makes people feel good, inside and out. It’s why we’re committed to giving back to the communities where we live and work. If you're one of the super-talented who thrive on change, aren't afraid to take risks and love to make a difference, come grow with us.

Job description

About the RoleGap Inc. Technology is the engine driving innovative retail, e-commerce, and global enterprise technology for Gap Inc.'s four renowned brands - Gap, Banana Republic, Old Navy, Athleta. We're looking for exceptional talent with fresh ideas, cutting-edge skills, and a passion for retail technology. As part of our team, you'll be exposed to hands-on learning opportunities across all facets of the Gap Inc. Technology organization, working on high-profile, big-impact projects alongside the best technologists and leaders in the industry. Ready to get started?
GapTech Information Security is the global information security function for Gap Inc. inclusive of and across, all Gap Inc. brands. The Ecommerce & Retail Security Director is a member of the Product Security team within GapTech Information Security, and reports to the Head of Product Security. In this role, the Director will cater to the needs of the business, engage with the E-commerce and Retail products, its infra, and developer teams, be responsible for building a strategy for implementing security controls across all 4 customer facing Websites, IOT devices in 2500+ stores, customer contact centers governing and providing technical advisory support across a rapidly modernizing and dynamic hybrid multi-cloud and retail, supply chain environment, ensuring governance and compliance with legal and regulatory requirements, maintain Gap Inc. Information Security policies, standards, and industry best practices.What You'll Do
- Manage, mentor, lead and hire Ecommerce and Retail Security professionals to meet the needs of a dynamic organization to secure and assist our Gap Inc customers.
- Provide strategic and tactical vision, and execution, focused on incident prevention, detection and response in Gap Inc Selling Channels.
- Assess risks and weaknesses and identify security design or implementation gaps in existing customer facing products and services. Direct remediation efforts and operationalize detect-and-response capabilities. You will incept and supervise programs to harden the infrastructure to secure our enterprise and Distribution center systems.
- Represent Product Security and InfoSec in product strategy and roadmap development with GapTech's PMs, TPMs and Engineers for our customer platforms.
- Stay informed about the security landscape - internal and external threats, regulatory requirements, policy changes and other sources - and ensure applications maintain compliance as well as security hardening.
- Evaluate fraud technology as well as utilize a variety of software to reduce potential frauds and evaluate efficacy of new tools for fraud insight.
- Guide technical development of customer facing tools and product features in order to reduce security risk and fraud across the organization.
- Create a score card about the state of Security of our Ecommerce, stores, Contact center platforms to present it to senior leadership.
- Drive thought leadership to define clear business problems and customer pain points and influence how we prioritize security solutions to resolve them/mitigate impact.Who You Are
- 8+ years of hands-on experience in working with engineering teams on design and implementation of security best practices in Web, mobile and store app and devices.
- 5+ years of senior level engineering experience working with highly scalable enterprise software, consisting of (3+) years of proven experience working in application security, Ecommerce/web security, mobile applications.
- Technical Experience in implementing protection against Account Takeover, session hijacking, enumeration, Bots, intrusion detection, supply chain attacks and digital forensics.
- Broad security-related domain knowledge with authentication and authorization, Customer identity and access management(CIAM), data protection, OAuth/Open ID connect, Web application firewall,RASP, APIs, micro-services.
- Extensive understanding in OWASP Top 10, MITRE ATT&CK, NIST CSF, CVSS, CWE criteria and scoring.
- Have a clear understanding of cloud computing services/deployment architecture, especially Azure, GCP and OCI.
- Experience in implementing protections against Giftcard and loyalty fraud, chargebacks etc in selling channels.
- Experience implementing controls and mitigating risks related to GDPR, PCI, CCPA and other information security and data privacy standards.
Click here to print

Fashion Jobs

Business Analyst, Mac na

| Permanent | New york

sr Business/Data Analyst

| Permanent | Marlborough

Website reserved for fashion, luxury and beauty industry professionals.