Job you are applying for:
Manager, Information Security
at the following location(s):
KFC Corporate - Louisville, KY
Responsible for overall strategy and execution in establishing and maintaining an enterprise-wide information security program to ensure that our company, franchise, restaurant and consumer information assets are protected. Work in partnership with company leaders to advance the security needs of the company.
Responsibilities will include leading an Information Security team that designs, develops, and implements cyber security standards, processes, and solutions for the KFC US business. Ability to partner with constituents throughout the company to achieve strategic goals and ensure the appropriate balance is achieved between risk and controls. Must possess strong influencing skills to educate and shift the security tolerances of our peers within IT, cross-functional partners, the KFC Leadership Team, vendors, and our KFC Franchisees.
•Security Architecture & Design (30%)
•Identify and implement security solutions for KFC’s ecommerce solutions to ensure our consumer information is protected and we have appropriate protections from outside threats.
•Identify security tools, services, and processes needed to mitigate risk while still allowing the business to be agile.
•Educate the KFC Leadership Team and our Franchisees on the need for changes to security solutions in order to reduce our brand risk.
•Work closely with the KFC Legal team on creating and updating standards to enforce new security policies and procedures.
•Provide strategic input for development of KFC’s technology roadmap to ensure it meets future security needs for in store, above store, and consumer facing platforms.
•Maintain a close working relationship with brand teams/architects and Global IT, Yum IT, and GTRM teams to define security objectives and meet business requirements.
•Network Operations Center (25%)
•Lead a team responsible for proactive monitoring and support of the restaurant infrastructure.
•Work cross-functionally within IT to identify ways to automatically resolve incidents using monitoring solutions (i.e. SolarWinds, HP IMC, BMC BCM) in order to reduce restaurant downtime and reduce calls into the KFC Restaurant Helpdesk.
•Risk Assessment (25%)
•Conduct an Information Security Risk Assessment for all internally developed or third-party applications prior to implementation.
•Oversee the effective management and reporting on investigations of internal or external security incidents. Prepare post mortem analyses of information security breaches, violations, and incidents and document corrective and preventive action plans.
•Ensure brand leadership accepts any identified risk prior to project implementation.
•Compliance and Audits (10%)
•Indirect leadership of multiple teams to achieve and maintain PCI and other required compliance.
•Enforcement of the data security standards and audits for external strategic partners (including franchisees).
•Understand and educate KFC US functional leads on IT risk and compliance requirements.
•Incident Response (10%)
•Maintain the KFC US incident response process and educate KFC US team members on how to report data incidents appropriately.
•Ensure all data security incidents are investigated and responded to in a timely and appropriate manner to protect our customers, employees, franchisees, and brand.
•Computer Science or Business Administration Degree
•CISSP (Certified Information Systems Security Professional)
•Certified in or have demonstrable experience with ISO27001/27002/27005
•5+ years as an Information Security leader
•5+ years managing technical teams
•Working knowledge of PCI or HIPAA certification process
•Proficient organizational skills
•Effective communication skills and proficient writing skills
•Strong research and analytical skills and full technical knowledge of all phases of systems analysis
•Project management skills – The ability to lead multiple concurrent projects using KFC US standard project methodology
•Strong familiarity with DNS and TCP/IP networking
•Proven analytical and problem-solving abilities
•Knowledge of Software Development Life Cycle (SDLC)
•Experience partnering with AWS or Azure transformation a plus
•Retail experience highly desirable
•Strong leadership skills and ability to lead cross-functional teams or work with multiple teams