The primary purpose of this position is to safeguard information system assets by identifying and resolving real-world Information Security (IS) issues.PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES OF THE JOB:
QUALIFICATIONS & EXPERIENCE:Experience:
- Execute the Vendor risk framework for risk mitigation across the Americas region.
- Collaborate with business leads to identify business impact based on security risk exposure.
- Maintain and foster relationships with business stakeholders to identify new projects and vendor initiatives for security risk assessments.
- Ability to translate business use cases to security risk and communicate the business impact of identified risk exposure for mitigation.
- Perform risk assessments of new projects, applications, and 3rd party vendors, including Business Impact Analysis, security requirements, and manage residual risk documentation
- Conduct IS assessments of 3rd parties and vendors to assess their risk to PVH.
- Influence business day-to-day decision making based on security leading practices.
- Identify security improvements by assessing current situation, evaluating trends, and anticipating requirements.
- Provide education on technical security topics to the various Business and Information Technology groups within PVH.
- Proactively identify risks by identifying security-related abnormalities and reporting violations.
- Coordinate with IT and business teams on security design reviews and application scanning for individual projects and annual testing initiatives.
- Proactively maintain technical knowledge by attending educational workshops, seminars and reviewing publications.
- Communicate information security best practices and risk exposure to PVH employees, management and leadership.
- Coordinate and collaborate with IS and PVH I.T. leadership regarding technical vulnerabilities that may have the potential to impact enterprise operations.
- Collaborate with the Information Security Senior Director in managing Information Security Policies.
- Maintain process workflows for vendor risk analysis and ensure integration with the risk framework.
- Maintain and proactively communicate on a vendor risk register.
- Core team member of the PVH Security Incident Response Team.
- Complete special projects as assigned by the Information Security Director or Senior Vice President, Internal Audit and Information Security.
- 5-8 years' experience in an information security or risk management role.
- Experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols.
- Hands-on experience with commercial and open-source network and application security testing tools.
PVH Corp. or its subsidiary ("PVH") is an equal opportunity employer and considers all applicants for employment on the basis of their individual capabilities and qualifications, consistent with applicable law and without regard to race, color, sex, gender identity or expression, age, religion, creed, national origin, citizenship status, sexual orientation, genetic information, physical or mental disability, military status or any other characteristic protected under federal, state or local law. In addition to complying with all applicable laws, PVH also has a strong corporate commitment to inclusion, diversity and to ensuring that all current and future PVH associates are compensated solely on job-related factors such as skill, ability, educational background, work quality, experience and potential. To achieve these goals, across the United States and its territories, PVH prohibits any PVH employee, agent or representative from requesting or otherwise considering any job applicant's current or prior wages, salary or other compensation information in connection with the hiring process. Accordingly, applicants are asked not to disclose this salary history information to PVH