Director, Cyber Security and Risk Management in Tempe, AZ at Circle K

Date Posted: 5/15/2019

Job Description

Circle K is a great place to work! Here is why:
We know that you can work anywhere. However, working at Circle K is the start of something great! While you make it easy for our customers, we focus on you and your development! Our people make us who we are. We want to see you grow, so we put growing together at the forefront of everything we do. It is our duty to provide you with the tools and resources that you need to succeed. Joining Circle K means joining a team that is devoted to you!

Main Areas of Responsibilities

  • Collaborate with business and functional leadership to identify Circle K’s information and cyber security risks; assess associated threats and vulnerabilities, build and manage treatment plans, and negotiate acceptable levels of residual risk.
  • Govern, manage and monitor the ongoing maturity of the cybersecurity program leveraging the NIST CSF (Cyber Security Framework) to protect Circle K’s information assets and digital technology systems and effectively mitigate significant risks.
  • Inspire, lead, and develop motivated, geographically diverse and high-performance Information Security and Compliance teams across multiple levels and with global reach.
  • Regularly contribute to management reports for Senior leaders and the Board of Directors covering cybersecurity preparedness and posture, the evolving threat landscape, as well as information security risk treatment and mitigation.
  • Manage executive stakeholders with regular dialogue, status reports, and alert escalation.
  • Ensure compliance with PCI, regulatory and legal requirements, data privacy, risk management, transparency, and third-party oversight.
  • Direct the design and deployment of strategic, next-generation security controls to meet the evolving risks faced by Circle K’s global, digital ecosystem; this includes IoT monitoring and control, asset discovery and hygiene assurance, cloud access security (CASB), behavioral analytics (UBA), access analytics, and cross-industry cyber threat analytics.
  • Institutionalize 3rd-Party Oversight and Risk Assessment Processes, including inventory, assessment, risk acceptance, controls assurance and secure partner connectivity.
  • Work closely with IT functional areas and service providers.
  • Lead and champion full information sharing and collaboration across the retail sector, to provide a collective focus on protecting the industry against evolving security threats.
  • Establish and standardize a global information security incident response process.
  • Collaborate with the CISO to manage Security budgets, OPEX and CAPEX.
  • Effectively establish and manage appropriate MSSP services.

Essential Duties and Responsibilities:

  • Leads, directs, and has accountability for the performance and development of subordinate staff in Risk Management, Security Operations, Vulnerability and Threat Management, Cybersecurity Identity and Access Management, in accordance with corporate strategic direction. May include matrix reporting relationships.
  • Establishes and directs the design, development, testing and implementation of appropriate Information Security strategies, plans, products, and other access control techniques. Also identifies emerging vulnerabilities, evaluates associated risks and threats, and provides countermeasures where necessary.
  • Directs the staff in the evaluation of risks and threats, development, implementation, communication, operation, monitoring and maintenance of the information security technologies which promote a secure and uninterrupted operation of all IT systems.
  • Manages the reporting, investigation, and resolution of information security incidents. Works with and consults with senior business leaders such as the Office of General Counsel on potential data breaches.
  • Manages the staff overseeing Identity and Access Management. Ensures that appropriate access is provided to employees, contractors, and other parties in a timely fashion while meeting strict security standards in accordance with the principles of Segregation of Duties and Least Privilege. Works closely with Human Resources and Enterprise Procurement to ensure IT aspects of new employee and contractor on-boarding are appropriately completed.
  • Oversees staff supporting the Office of the General Counsel in the collection, delivery, and presentation of electronic evidence regarding litigation for and against the company. Provides services to manage the full life-cycle of electronically stored information to those ends.
  • Responsible for the development and implementation of security standards, procedures and guidelines to prevent the unauthorized use, release, modification, or destruction of data across multiple platforms and environments (e.g., company-wide, distributed, client server systems, and e-applications).
  • Responsible for ensuring appropriate governance over Managed Service Providers managing and maintaining information security technologies.
  • Maintains contact with industry security groups, and an awareness of current vulnerabilities, threats, and risks to data privacy and information security.
  • May perform additional duties associated with Cyber Security as assigned.

Required Skills / Experience / Competencies:

  • Bachelor's degree in Computer Science or a related discipline is required. A Master’s degree is preferred.
  • 12+ years of experience in information security.
  • 5+ years of supervisory/management experience including preparing and managing a significant operating budget.
  • Applicable certifications in the Information Security field.
  • Thorough understanding of Cyber Security technologies and offerings in the marketplace, as well as the processes associated with running a cyber security operation.
  • Senior level understanding of all aspects of information security, including: security and risk management frameworks, vulnerability and threat management, security operations, security organization, architecture, access control, and security incident management.
  • Excellent ability to influence change in corporate understanding and adoption of information security concepts.
  • Excellent analytical and problem-solving skills.
  • Excellent communication and interpersonal skills and the ability to work effectively with peers, senior executives both in IT and across business units, and internal/external business partners and clients. Ability to effectively explain complex security-related concepts and issues to non-technical and business audiences.
  • Strong understanding of crisis management skills.
  • Experience working within a global organization.
  • Ability to effectively communicate with all levels of employees within scope of responsibility.
  • Ability to manage complex projects to completion.
  • Proven ability to lead and motivate others in accomplishing goals.

Circle K is an Equal Opportunity Employer.
The Company complies with the Americans with Disabilities Act (the ADA) and all state and local disability laws. Applicants with disabilities may be entitled to a reasonable accommodation under the terms of the ADA and certain state or local laws as long as it does not impose an undue hardship on the Company. Please inform the Company’s Human Resources Representative if you need assistance completing any forms or to otherwise participate in the application process.

Click below to review information about our company's use of the federal E-Verify program to check work eligibility:

In English

In Spanish