IT Director – Risk Assessment (Information Security)
An opportunity is available for an IT Director – Risk Assessment (Information Security) at Signet Jewelers, the world’s largest retailer of diamond jewelry, operating iconic brands like Kay Jewelers and Zales. This motivated leader will provide executive leadership on third-party security matters and drive transformational initiatives.
This is a full-time, remote position.
Role Summary and Vendor Risk Mandate
This Director role is central to managing Signet’s cybersecurity risk across its global supply chain. The primary focus is building, evolving, and governing the vendor risk assessment program, ensuring due diligence, implementing mitigation strategies, and maintaining security compliance.
Key Responsibilities
- Vendor Risk Program Ownership: Manage and evolve the vendor risk assessment program. Design the due diligence process and implement risk mitigation strategies.
- Framework Implementation: Manage vendor cybersecurity risk across the global supply chain, implementing frameworks such as NIST CSF and developing risk scores based on vendor impact and criticality.
- Due Diligence & Compliance: Work with procurement and legal to ensure contractual security clauses are enforced. Serve as the primary contact for vendor security discussions and due diligence support.
- Monitoring & Incident Response: Conduct continuous monitoring and lead incident response coordination for vendor-related breaches.
- Reporting & Governance: Report regularly to senior leadership, including the CISO, on the state of third-party security risk. Maintain a risk register of critical vendor findings and track SLAs for timely remediation.
- Guidance: Provide guidance to business units and project teams during vendor selection and procurement processes. Optionally, review Data Protection Impact Assessments (DPIAs).
Required Experience and Qualifications
The ideal candidate is a seasoned Information Security professional with extensive experience managing vendor risk, leading large-scale projects, and overseeing the security of large IT environments.
- Experience: 10+ years of related experience.
- Leadership & Project Management: Experience in project management, from conception to delivery. Experience in managing large, complex projects and large teams. Experience managing consultants/contractors at scale.
- Security Expertise: Extensive experience with a variety of security control tools and processes. Past experience overseeing the security of large IT environments through the entire program lifecycle.
- Communication: Strong communication and interpersonal skills, with the ability to independently set direction and own resolution.
- Education: Bachelor’s degree or equivalent experience; certifications are a plus.
Job Features
| Job Category | Product, Strategy and Ops |