Director of Security/Compliance
Company Background:
Gilt Groupe provides access, by invitation only, to Men's, Women's, Children's, Beauty, and Home coveted fashion and luxury brands at prices up to 70% off retail. Each sale lasts 36 hours and features hand selected styles from a single designer. The business model, based on urgency and scarcity, offers extraordinary goods at incredible prices, but only for a limited time. All of these sales occur daily at noon, driven by daily email reminders and alerts to a private membership. Most of the hot items are sold within the first 10 minutes, with the bulk of sales occurring within the first 90 minutes.
Job Description:
The Director of Security/Compliance is responsible for the overall direction of all Information Technology Security, with a particular emphasis on the applications used within or that have access to the web application environment where member and credit card information is stored. The Director of Security/Compliance must be aware of the implications of legislated requirements that impact security, including but not limited to PCI Compliance and Sarbanes-Oxley. The Director of Security works closely with the technology organization and must have strong working knowledge of information technology. This position will be responsible for establishing and maintaining a culture of compliance and will work directly with the operations, engineering, financial, and executive teams at Gilt Groupe to adopt best practices designed to protect the organization and its assets.
Responsibilities:
• Manage the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security, particularly as they relate to the web application environment.
• Coordinate education and training of all staff related to best practices and current regulation related to security.
• Create and enforce either required or best practice policies to support a world class secure infrastructure.
• Own all aspects of PCI Compliance, ensuring that Gilt Groupe becomes 100% compliant and maintains that compliance
• Implement security-related system changes and process changes
• Serve as primary point of contact for all external audits
• Manage all ongoing assessments and continual audits of infrastructure to ensure no breaches exist
• Enforce standards through clear and well communicated guidelines
• Conduct internal monitoring and auditing
• Conduct regular risk assessments and response plans
• Respond promptly to offenses and develop corrective actions
• Ensure that all security procedures are in place and maintained
• Serve as primary point of contact for regular audit
• Evaluate and manage third parties to continually test and expose vulnerabilities
• Develop strategy and implement systems to prevent any breach in security
Required Skills & Qualifications:
• 5+ years of experience in information security or a related field
• At least 3 years of experience as a software engineer or systems administrator with responsibility for highly sensitive data
• Deep experience with applied cryptography
• Expert level knowledge of modern tools and systems to protect sensitive data
• Deep knowledge of PCI and SOX
• Strong communication skills and track record of working with engineering and auditors to truly protect sensitive data.
Education:
• BS or MS in Computer Science, Electrical Engineering, Cryptography, or related field
If interested, please send your resume to careers@gilt.com