Manager of Security

July 11, 2019
Los Angeles, CA

Job Summary

The Security Manager is responsible for developing and managing our information security and compliance program to ensure the confidentiality, integrity, and availability of TOMS’ operation. The program includes implementing policies, standards, and solutions to cost-effectively manage the risk of IT infrastructure and applications. You will enhance the security posture of the organization through security awareness training and implementation of technical and administrative controls. The Security Manager is responsible for developing compliance programs to assess and report on the state of enterprise security and alignment with industry best practices. You will lead our focus on security within current and new technical solutions and services. The Security Manager will also manage the organization’s response to security incidents. You will support business unit leaders and our Legal team to ensure all contracts meet security and data protection requirements prior to award. You will own our annual PCI filing process and manage multiple security services and support contracts.

Essential Responsibilities

    • Provide strategic direction to related governance functions (such as Physical Security/Facilities, HR, and Legal) and leaders throughout the organization on information security matters, emerging security risks, and control technologies. Participate in contract review to ensure appropriate security controls are in place. Oversee the general level of security awareness within the organization and the IT team. Conduct organization-wide security awareness training. Interface effectively with users at all levels.
    • Lead the development, implementation, testing and management of security policies and standards organization-wide to ensure the protection of corporate data against unauthorized use, access, modification, disclosure and deliberate or inadvertent destruction. Ensure TOMS policies and practices fully comply with all applicable audit and regulatory requirements. Develop appropriate plans to proactively mitigate potential security weaknesses. Work with affected teams to address vulnerabilities.
    • Develop security criteria/standards for evaluating existing and proposed applications providing an assessment of vulnerability and risk. Monitor changes in the security landscape including new vulnerabilities, viruses, intrusions, fraud scams and best practices and tools available for system/network protection.
    • Manage our annual PCI audit/attestation program and filing process including periodic check-ins and preparation efforts; own our GRC solution
    • Manage vendors providing security services such as vulnerability scanning, endpoint monitoring, penetration testing, email protection, etc.
    • Provide continual reassessment of the security posture of TOMS. Provide risk-based management reporting. Ensure timeliness in the application of technical security controls; lead the definition and monitoring/oversight of security-related controls. Periodically test security practices for compliance with established policy/practices. Investigate security breaches, fully documenting events, effectively retaining evidence and recommending realistic preventative measures.


Requirements And Qualifications

    • Expert knowledge of security/compliance frameworks including PCI, NIST, ISO27001, OWASP etc.
    • Deep experience with data protection and privacy issues on a global level
    • Experience managing PCI compliance audits/assessments with enterprise GRC tools
    • Experience managing security service vendors and support contracts
    • Experience managing vendor-performed penetration testing
    • Broad knowledge of corporate network and computer (desktop/server/mobile) systems
    • Broad knowledge of enterprise systems (ERP, eCommerce, PoS)
    • Ability to work with a diverse, global team
    • Experience managing security for cloud-based SaaS and hosted solutions


Education and Experience

    • CISSP certification
    • PCI ISA or QSA certification
    • CISA, CISM, CRISC, CCSP certifications
    • Demonstrates excellent judgment and ability to assess complex systems
    • Excellent written and oral communication skills, ability to interact with all levels of the organization and convey complex technical topics to a non-technical audience
    • Excellent ability to translate risks and issues into action with timely closure
    • Strong work ethic, desire to seek the opportunity to assist versus needing to be told exactly what to do.
    • Bachelor’s degree or equivalent experience in a technical environment
    • Self-motivated to stay current on security threats and capabilities
    • Experience writing instructional, process, or system documentation.
    • Ability to thrive in a dynamic, fast-paced, multi-team environment serving a global enterprise.


Minimal travel expected: 3-10 days/year for conferences or to visit offices/stores.

EEO Statement: TOMS is an equal opportunity employer and will consider applicants with criminal histories in a manner consistent with the requirements of the ordinance.

Company Description

One for One

Why work at TOMS? The answer is simple – to use business to improve lives. Whether you’re looking for meaning in your work or you want to help those in need, our promise to our employees is the ability to give back through their work. Working at TOMS will provide you with the opportunity to give back and thrive.

If you are not familiar with TOMS, our business philosophy is rooted in the concept of Giving. It all started in 2006 when Blake Mycoskie befriended children in a village in Argentina and found they had no shoes to protect their feet. Wanting to help, he created TOMS, a company that would match every pair of shoes purchased with a pair of new shoes given to a child in need. Realizing that One for One® could serve other global needs, TOMS has since launched other products including eyewear, coffee, bags and backpacks. As always, with every product you purchase, TOMS will help a person in need while standing for issues that matter. One for One®.

Since our founding, we have given over 86 million pairs of shoes to children in need; helped restore sight to more than 600,000 people; helped give more than 600,000 weeks of safe water; supported safe birth services for more than 250,000 mothers; served more than 145,000 youth through bullying prevention and response programs; and given over 100,000 people solar light for one year. We are giving in over 50 countries around the world through partnerships with more than 75 Giving Partners. Excited yet?
