Manager, Information Security

Hudson's Bay Company

Hudson’s Bay Company is one of the fastest-growing department store retailers in the world. In North America, HBC’s leading banners include Hudson’s Bay, Lord & Taylor, Saks Fifth Avenue, Gilt, Saks OFF 5TH, Find @ Lord & Taylor, and Home Outfitters.

Reporting Relationship: The Manager, Information Security will report to the Chief Information Security Officer.


Major Responsibilities:

Under the direction of the Chief Information Security Officer, the Manager, Information Security is responsible for assuring the ongoing security and protection of the confidentiality, integrity and availability of HBC’s information technology and information assets. Acting as a primary Information Security Office contact for the Information Technology organization, this role will provide leadership and direction for HBC’s risk and vulnerability assessment efforts, penetration tests and other initiatives aimed at increasing the security and protection of HBC’s information technology and information assets.


Role responsibilities include: 

  • Defend the information enterprise in accordance with established policies, procedures, guidelines, and industry best practices.
  • Acts as the primary Information Security Office liaison to the Information Technology Digital Application teams, providing information security guidance and oversight
  • Assist in information security incident and fraud investigations, providing forensic support and analytic review
  • Primary contact for HBC’s Threat Intelligence related services and support
  • Manages and coordinates periodic vulnerability scans and penetration tests commensurate with the risk exposures of HBC’s information assets
  • Reports the levels of information security compliance risk and control effectiveness to key stakeholders
  • Develops, implements and supervises HBC’s remediation processes to address issues identified as a result of an incident, security assessment, vulnerability scans, penetration tests, internal or external audits and other assessments or requirements
  • Manages and coordinates internal and external risk assessments
  • Develops and maintains appropriate documentation to track risk and remediation efforts
  • Provides guidance to business units implementing technology solutions in order to mitigate security risks
  • Work with IT Security Operations and other business units to deliver an enterprise security posture that evolves with business, technological, and threat landscape changes
  • Responsible for assisting in the development and maintenance of HBC’s information security policies, standards, guidelines, practices and procedures to ensure that HBC’s practices remain observant of all pertinent local, state/province and federal laws and industry standards
  • Assist in the development, implementation and ongoing management of the Information Security Program
  • Provide information security technology expertise/consultation for various departments as requested.
  • Provide enterprise and local project team leadership for information security initiatives


Personal Characteristics: 

The successful candidate should be respected and have a proven track record of success in delivering Information Technology Security applications that ensure HBC’s information assets are protected. He/she will have a background in various testing solutions for information technology. He/she must have the ability to quickly assess a new environment and develop solutions that support the strategy, critical objectives and cultural norms. He/she must be creative, with a strategic and solutions-oriented mindset and the ability to turn concepts into action. He/she must have strong relationship-building and influence skills. The successful candidate will be a change agent who is flexible, resilient and able to thrive in a dynamic, rapid-paced environment. He/she will embody a culture of taking smart risks and innovating to win.


Professional Qualifications:

  • Five (5) years of information security experience
  • Relevant information security certifications preferred (e.g., CISSP, CISM, etc.)
  • Strong knowledge of information systems security standards and practices (e.g., access control, secure coding, system hardening, system audit and log file monitoring, security policies, and incident handling)
  • Proven experience and knowledge of information security compliance functions including risk management and audit
  • Proven technical acumen with an excellent understanding of Windows and *nix environments, TCP/IP and network communications, network and server infrastructure technologies and devices including firewalls, routers, switches, etc.
  • Knowledge of ISO27001, NIST 800-53 and similar frameworks
  • Demonstrable knowledge of regulatory and statutory compliance requirements including PCI-DSS, HIPAA, etc.
  • Ability to manage multiple projects, priorities and deadlines
  • Adaptability, flexibility and ability to work as part of a team across functional boundaries or in an individual capacity
  • Ability to handle and maintain the integrity and confidentiality of highly sensitive material and information
