IT Director – Risk Assessment (Remote)

Remote
Posted 1 month ago

An opportunity is available for an IT Director – Risk Assessment at Signet Jewelers, the world’s largest retailer of diamond jewelry, operating iconic brands like Kay Jewelers and Zales. Despite the title, the responsibilities detailed in the job description indicate a focus on Information Security with a heavy emphasis on Third-Party/Vendor Risk Management.

This is a full-time, fully remote position.


Role Summary and Vendor Risk Management Focus

This leadership position is titled “Director of Information Security” within the job description and is responsible for providing executive leadership over infrastructure-related security matters. The primary focus is on establishing, evolving, and championing the global vendor risk assessment program across the organization and its supply chain.

Key Responsibilities

  • Vendor Risk Program Ownership: Manage and evolve the vendor risk assessment program. Design the due diligence process and implement risk mitigation strategies.
  • Global Risk Management: Manage vendor cybersecurity risk across the global supply chain, implementing frameworks such as NIST CSF and developing risk scores based on vendor impact and criticality.
  • Contract & Compliance Enforcement: Work closely with procurement and legal teams to ensure contractual security clauses are enforced. Optionally, review vendor Data Protection Impact Assessments (DPIAs).
  • Executive Communication & Response: Report regularly to senior leadership, including the CISO, on the state of third-party security risk. Lead incident response coordination for vendor-related breaches.
  • Operational Management: Maintain a risk register of critical vendor findings, ensure timely remediation, and track SLAs. Serve as the primary contact for vendor security discussions and due diligence support.
  • Security Transformation: Oversee the security of large IT environments through transformation initiatives, including network security re-architecture, host security architecture, security incident response, and vulnerability management programs.

Required Experience and Qualifications

The ideal candidate is an experienced security leader with a track record of overseeing large IT environments and managing complex, large-scale programs and teams.

  • Experience: 10+ years of related experience.
  • Program Leadership: Experience in project management, from conception to delivery, including managing large, complex projects and large teams.
  • Consulting Management: Experience managing consultants/contractors at scale.
  • Technical Depth: Extensive experience with a variety of security control tools and processes.
  • Leadership Skills: Strong communication and interpersonal skills, with the ability to independently set direction and own resolution.
  • Education: Bachelor’s degree, or equivalent experience. Certifications are a plus.

Job Features

Job Category: Information Technology
