40 hours per week | Hybrid 2 days onsite in Boston
Responsibilities:

• Ensure the confidentiality, integrity and availability of information by communicating risk.
• Create and maintain enforceable policies supporting processes.
• Ensure compliance with regulatory requirements.
• Coordinate security-related activities with A&F IT-supported agencies. Activities include the evaluation,

procurement and deployment of security-related products and the development and coordination of security
awareness, disaster recovery and incident response plans.

• Be responsible for the translation and construction of complex security problems into sound technical solutions.
• Provide technical, security and architectural direction to technology/business teams.
• Ensure that development efforts are adhering to established security, design, and compliance standards/requirements.
• Provide insight and guidance on overall secure system design.
• Be responsible for secure infrastructure and application architectures.
• Document, maintain and communicate security architectural requirements.
• Monitor emerging technologies for potential impacts to operations and long-term strategy.
• Identify potential areas of compliance vulnerability and risk; direct the development and implementation of

corrective action plans for resolution of identified issues.

• Ensure adherence to legal standards regarding information security compliance; implementing and following

industry standards and best practices for security compliance; and developing reliable, efficient and effective
project development processes.

• Provide strategic and tactical advice to address existing and evolving security threats.

Required knowledge, skills and abilities include:
? A minimum of 10 years of experience within information technology
? A minimum of 10 years of experience in information security or cyber security; with at least 5 years of
exposure to various security frameworks, preferably NIST
? 5 years of managerial, team leadership or supervisory experience in large, matrixed organizations
? Extensive experience with policies/procedures, application design, information analysis and reporting,
networking and systems integration, security control, audits, risk analysis and disaster recovery
? Ability to supervise staff including performance appraisal, employee coaching, training, development and
performance management
? Excellent written and verbal communication skills, with a proven ability to translate security and risk to all
levels of the business in technical and non-technical terms
? Ability to develop and maintain effective working relationships with a variety of stakeholders
-
EEO Statement. We welcome all applicants and qualified individuals, who will receive consideration for employment without regard to their race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status or disability.