2157 Information Security

The Gap Inc.

Company Type

Sr. Manager, Information Security

Hyderabad, India


Gap Tech drives innovative retail, e-commerce and global enterprise technology for our headquarters operations and our five iconic brands across the world. We push boundaries. We challenge the status quo. Innovation sits at the core of everything we do. And we’re not here just to execute; we’re here to learn and grow. As individuals, we’re passionate, diverse, innovative and wickedly talented. As a team, we’re making amazing things happen in our offices, our stores and our communities. We are diversifying our talent globally, and expanding our reach by opening a technology hub in Hyderabad, India.  Growing over time, this center will become critical in enabling technology that powers Gap Inc. business globally.


The Sr. Manager will report to the Director of Product Security and is dotted line to other InfoSec lines of business to include: Security Operations, Incident Response, and Risk & Compliance. In this role, the Sr. Manager will work closely with and manage local InfoSec staff in Hyderabad to drive delivery of InfoSec goals and objectives.  This leader must be capable of working in a matrixed organization and coordinating the delivery of multiple outcomes concurrently.  As a people leader first, and delivery manager second, this leader must not just build great teams but also inspire and lead these technical teams.

Additionally, as considerable portion of the InfoSec team is US based, this leader must be capable of independently driving against stated goals and objectives in a different time zone.

Other responsibilities

Engages with our business partners in GapTech India to drive security initiatives and foster good working relationships

Build a world class cross functional InfoSec team upwards of 20 resources

Manage matrixed teams to deliver against team goals and objectives; define an operating model that works for multiple InfoSec teams

Establishes and maintains the local Security Champions program to enable business agility and improve the overall application security posture of GapTech products

Manages local incident response processes and resources

Engages with business partners on projects to assess for security risk and help deliver secure solutions via threat modeling, code review, penetration testing, and enforcing secure development lifecycle

Actively participates in the creation of the Security University curriculum for internal InfoSec employees and business partners

Stays abreast of trends and advances in IT/security solutions and monitors changes in the operating environment that affect information security

Presents security updates, recommendations, strategic opportunities to local & US leadership

Develops relationships with local business leaders, challenging status quo on security matters

Provides advice on a broad range of security items and strategies

Web application security experience including OWASP Top 10 vulnerabilities, browser security, javascript security, and rich web safety

Experience managing penetration testing and Red Teams

Experience leading Incident Response and monitoring capabilities

Creating and delivering usable introductory to advanced training to other engineers on security practices

Significant knowledge of network security, cryptographic protocols and algorithms, operating system internals and operations, and application level protocols

Experience working in a risk based environment including mitigation, planning and implementation

Operational flexibility in modifying business and operating practices to adapt to a changing environment

Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures

Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships

Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences

Proven success working across organizational and geographic boundaries

Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001

Minimum Education Level

Bachelor’s in Computer Science, Engineering or related technical field

Minimum Experience

Minimum 5 years experience in an Information Security Leadership position

Read Full DescriptionHide Full Description
Confirmed 17 hours ago. Posted 30+ days ago.

Discover Similar Jobs

Suggested Articles

One Step Register
Need an account? Sign Up