The I.S. Information Security Manager is responsible for coordinating analysis, reviews, and other tasks necessary to protect the integrity and confidentiality of Costco Wholesale's information. This position will provide strong leadership, direction, and guidance to IS Senior Management on Information Security issues. The three main areas of responsibility include, but are not limited to: 1) providing for the development and maintenance of the Information Security program and the protection of key Costco information system resources; 2) aligning information security best practices with business requirements; and 3) managing the Information Security team in alignment with corporate business objectives.
Job Duties/Essential Functions
* Translates business goals into security practices, policies, standards, guidelines, procedures, and other elements of an infrastructure to support corporate information security.
* Manages project resources who participate in system and application design, and implementation reviews, to ensure that proposed solutions comply with the Company's policies, its contractual and legal obligations, and industry accepted practices.
* Monitors new and emerging security, compliance and privacy related requirements, technologies, trends, issues, and solutions and assessing their applicability to Costco Wholesale's key business initiatives and business strategies. Providing advice and consulting to senior management and the organization in the development, implementation, and administration of actions to meet these emerging requirements.
* Coordinates and monitors information security activities throughout the organization, including the preparation of periodic status and progress reports to applicable parties, leadership teams, and stakeholders.
* Hires, trains, and mentors Information Security team members.
* Responsible for thoroughly understanding and executing against outcome-based goals and strategy for this area, and supporting all I.S. divisional goals and initiatives.
* Establishes and develops a productive relationship between this area and other appropriate departments and outside vendors.
* Defines the Security Project lifecycle and continually assesses and retunes the Project Intake process.
* Responsible for presenting fact-based, objective assessments of information security and compliance risks to management and acting on their direction for responding to such threats.
* Maintains an Information Security Business Plan that reflects the strategic direction within I.S., and for providing annual and as-needed updates to management.
* Ensures that the team is properly staffed and trained to meet these planned/approved objectives.
* Communicates and creates presentations, as required, to mid- and upper-level management and other personnel.
* Assists in other areas of the department as necessary.
* Assists in other departments of the company as necessary.
Ability to operate vehicles, equipment or machinery
Computer, phone, printer, copier, fax
Experience, skills, education & licenses/certifications
* 6+ years' in a Manager or leadership role with demonstrated strong team-building skills with diverse teams.
* Conversant in technology matters related to security, architecture, emerging InfoSec trends, compliance, and risk.
* Excellent communication skills, both oral and written, that can communicate security and compliance issues to executives, end users, and security experts in an effective and appropriate manner.
* Outstanding customer\client relations skills to ensure that security and business objectives are always in alignment and a flexible and business-oriented focus on security matters.
* Must be extremely responsive, with a strong sense of urgency.
* Able to work well under stress and handle crisis situations professionally.
* Able to support off-hours work as required, including evenings, weekends, holidays, and 24/7/365 on call responsibilities on a rotational basis.
* Experience leading Information Security or Compliance functional teams.
* Previous management experience over highly technical teams.
* Hands on experience related to security design, architecture, incident response, and strategic planning.
* Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and/or Certified Information Systems Auditor (CISA) status or equivalent.
* Experience with Agile and other iterative methodologies.
* Possess experience with common information security management frameworks, such as International Standards Organization (ISO) /27001, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) framework.
* Successful internal candidates will have spent one year or more on their current team.
* Management will review the Job Analysis for this position prior to a job offer.
To Apply: Use the link below to upload all required documents to
Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.
About Costco Wholesale
Costco Wholesale Corporation operates membership warehouses.