About the company
Albertsons Companies is at the forefront of the revolution in retail. With a fixation on innovation and building culture, our team is rallying our company around a unique vision: forging a retail winner that is admired for national strength, deep roots in the communities we serve, and a team that has passion for food and delivering great service.
Albertsons is one of the largest retail employers, providing approximately 300,000 jobs across 2,200 stores, 22 distribution centers, 20 food and beverage plants and various support offices. We operate in 34 states and the District of Columbia under the Albertsons banner, as well as Safeway, Tom Thumb, Jewel Osco, Shaw’s and many more recognizable names.
What you will be doing
The Head of Portfolio Information Security Office oversees the Portfolio Information Security Officer team and ensures security best practices are part of everything we do within Albertsons Companies‘ Technology and Engineering organization. As the lead for the Portfolio Information Security Officer team, you are passionate about security and risk management. You see security as an enabler and differentiator to enable the business through innovation, not a step in the compliance process. You work with the business and technology partners to achieve goals and objectives in a secure manner with a heavy forward lean on modern data and technology architectures .
This position can be located in Pleasanton, CA, Phoenix, AZ, Plano, TX or Boise, ID.
As the leader of the Portfolio Information Security Officer team, you must be technical with a focus on security and have good communication and priority managements skills as well as comfort in influencing senior executives around security best practices. You must be able to clearly articulate risks and how best to reduce or mitigate those risks to enable the business. You must also be an evangelist for security and enjoy working with other technologists in making security something that is not only necessary, but an exciting aspect of the Technology strategy.
The Head of PISO will work with the rest of the corporate InfoSec team to prioritize security investments and provide input to the Enterprise cyber strategy. Additionally, you will help advise on strategic initiatives, programs, and projects to create business value in a risk-based and agile manner. You are pragmatic and practical in your understanding of security and associated risks, but also willing to know when to pull in experts and escalate. You will lead a team of dynamic and talented Information Security professionals who want to learn from your experience and skills. You are an advocate in the value of data driven business decisions and products, as well as comfortable with big data and cloud-based technologies and tools, proactive protective methods, and concepts like APIs, tokenization, encryption, machine learning/artificial intelligence and data analysis/modeling.
- Execute Information Security advisory services for an enterprise-wide multi-year digital transformation strategy within cloud-based environments
- Lead a team of Information Security Consultants to provide subject matter expertise to both business and engineering teams, specifically in the areas of threat modeling, cloud security, retail technologies, digital, and data protection
- Educate and influence executive leadership and associates to effectively leverage security capabilities and solutions to mitigate risks and emerging threats
- Escalate and manage cybersecurity risk as the primary point of contact across various portfolios
- Serve as an expert and thought leader in our Information Security capabilities, solutions, policies, procedures and standards
- Lean in as a change agent to shift security risk identification and solutions left in enterprise processes, through coordination and execution of proactive Information Security consulting practices
- Drive innovation activity as an outcome; partner extensively with other Information Security teams such as Security Engineering, to derive both novel and secure outcomes
- Provide regular updates to executive leadership on the overall Information Security health and risk environment
- Provide ad hoc support on special Information Security hot topics for the business
- Ideal candidate should have experience with data protection techniques and tools such as encryption, tokenization, cloud access security brokers; general knowledge of retail technologies and payment standards; Experience in Offensive and or Defensive Security techniques as well as incident response frameworks.
What we are searching for
- You have a desire to work in a fast moving, forward leaning, modern computing environment
- You have a deep passion for securing modern computing platforms
- You have a strong desire to continually learn about new technologies
- You possess strong conceptual thinking and communication skills
- You are able to work well under minimal supervision
- You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including business executives, technology leaders, and enterprise suppliers
- You maintain calmness and clarity of thought under pressure and ability to maintain confidentiality
- You have a deep understanding of strategic business objectives and the ability to drive results toward those objectives
- You have the ability to describe the risks of a security exposure or vulnerability in business-impact terms
- Experience in securing mobile platforms, mobile apps, mobile wallets, and IoT deployments
- Working knowledge of compliance obligations relevant to retail (e.g. PCI-DSS, SOX, HIPAA, etc.)
- Strong understanding of technology risk, information security fundamentals, defense-in-depth practices, risk assessment fundamentals and risk management practices
- Strong understanding of Identity and Access Management concepts
- Strong understanding of Data Protection methodologies (encryption, tokenization, masking, hashing)
- Relevant experience with cloud technologies and associated deployments
- Bachelor’s degree
- 10+ years of combined experience with Data and Security Architecture, Data Security, and Big Data.
- At least 7 years of experience leading a technical security team
- 8+ years of experience performing security risk assessments and consulting
- 5+ years experience with threat modeling
- 2+ years experience in securing a public cloud environments and services (e.g. AWS, GCP, Azure)
- 2+ years experience utilizing Agile methodologies within DevOps environments
- Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) or AWS Certified Solutions Architect
- Ability to clearly articulate and build support for a strategic security vision, as passionate about the ‘why’ as the ‘how’
- Be relentlessly curious, take ownership and challenge the status quo
- Have in-depth knowledge of the security landscape as well as deep understanding of how to implement solutions in a regulated setting
- Operates globally and is able to define where strategies and tactics need to be applied globally and where locally, and to communicate that clearly and simply
- In-depth knowledge of cloud providers, cloud operating models and cloud security controls and best practices
- Looks at external companies, products and capabilities and how they may accelerate Albertsons’ security initiatives
- Shapes and leverages advanced conceptual thinking to solve complex and/or completely new or novel security situations that have never been dealt with before.
- Actively pursues innovative solutions that align with the company‘s tolerance for risk (business and reputational).
What it is like at Albertsons?
Albertsons Culture Principles
Compassion : We always treat each other with kindness and respect
Team : We always support and recognize each other
Inclusive : We always value everyone’s perspective
Learning : We always strive to grow and develop ourselves and others
Competitive : We always act with integrity to win over the customer
Ownership : We always take actions to drive our success
- Address Pleasanton, CA, USA
- Salary Offer $50.000 ~ $100.000
- Experience Level Senior
- Total Years Experience 20+