Director of Security Operations
Dallas, TX

Job Description

COMPANY OVERVIEW

For over a century, Neiman Marcus Group has served the unique needs of our discerning customers by staying true to the principles of our founders: to be the premier omni-channel retailer of luxury and fashion merchandise dedicated to providing superior service and a distinctive shopping experience in our stores and on our websites. Neiman Marcus Group is comprised of the Specialty Retail Stores division, which includes Neiman Marcus and Bergdorf Goodman, and our international brand, mytheresa.com. Our portfolio of brands offers the finest luxury and fashion apparel, accessories, jewelry, beauty, and home décor. The Company operates more than 40 Neiman Marcus full-line stores in the most affluent markets across the United States, including U.S. gateway cities that draw an international clientele. In addition, we operate 2 Bergdorf Goodman stores in landmark locations on Fifth Avenue in New York City. We also operate more than 40 Last Call by Neiman Marcus off-price stores that cater to a value oriented, yet fashion minded customer. Our upscale eCommerce and direct-to-consumer division includes NeimanMarcus.com, BergdorfGoodman.com Horchow.com, LastCall.com, and CUSP.com. Every day each of our 15,000 NMG associates work towards the goal of enabling our customers to shop any of our brands "anytime, anywhere, and on any device." Whether the merchandise we sell, the customer service we offer, or our investments in technology, everything we do is to enhance the customer experience across all channels and brands.

DESCRIPTION:

Neiman Marcus Group (NMG) is looking for a dynamic, motivated, creative, disciplined, self-starter with excellent interpersonal skills to lead the core security operations team under the Chief Information Security Officer.

The Director of Security Operations will be responsible for all routine operational components of Neiman Marcus Group's (NMG) Information Security Program. Major components of this program include oversight over the managed security service provided by a third party SOC provider and the development and maintenance of an incident response program and a crisis management program.

The Director of Security Operations will a lead small team of analysts in establishing oversight and reporting over security technologies that are being utilized within the Neiman Marcus Group. In effect, the Director of Security Operations will lay the foundation of an effective information security program by building several of the capabilities from the ground up.

PRINCIPAL ACCOUNTABILITIES:

* Development of appropriate policies, procedures and guidelines to govern day to day security operations


* Oversight over the managed service provider for SOC services
* Monitoring of alerts produced by the SIEM system and ensuring appropriate incident response
* Creating and maintaining a forensics program to ensure that incidents can be duly investigated
* Oversight over the company's identity and access management strategy and roadmap
* Ensuring that a patch management program is in place and is being followed by the infrastructure services team
* Creating and maintaining a threat intelligence program to ensure that relevant security concerns are identified early and appropriately socialized with the various teams
* Ensuring that a comprehensive vulnerability management program is implemented and maintained
* Ensuring the end point security controls are operating effectively
* Maintaining a security awareness program

INTERNAL/EXTERNAL RELATIONSHIPS (Scope):

INTERNAL:

* Interacts daily with the Neiman Marcus Enterprise Application teams, the Managed Infrastructure Services provider (onshore and offshore), the IT Vendor Management Organization, IT Project Management Office, and various contracted IT resources. Meets frequently with various business units to assess and evaluate information security services.


* Must be able to build relationships with technology and business teams across the company. An outgoing personality is a MUST for this position.

EXTERNAL:

* Interacts routinely with vendors, service providers, consultants/advisors, law enforcement agencies and professional organizations.



KNOWLEDGE AND EXPERIENCE GUIDELINES:

* Bachelor's or Master's degree in a computer or information management field
* Ten or more years' experience in an Information Security role with hands on experience in a multitude of security technologies to include, but not limited to:


* Logging and monitoring systems


* Intrusion detection and prevention systems


* Proxy filtering systems


* Scanning and vulnerability management systems


* Identity and Access Management Technologies


* Advanced Malware Protection


* Threat Intelligence


* Experience with heterogeneous operating systems and technologies such as Windows, UNIX/Linux, Mainframe, Palo Alto, Juniper and Cisco etc. Must have some familiarity with cloud based technologies and environments.


* Demonstrated experience with managing teams in a high paced environment. Understanding of security metrics and creation of effective dashboards for management review and consumption.


* Experience with implementing and documenting PCI and SOX-404 controls


* Excellent interpersonal and communications skills (oral and written)