Director, Security Engineering (Montreal, QC)

Company Description

Founded in 2003, SSENSE is pacing the vanguard of directional retail with its mix of luxury, streetwear, and avant-garde labels.

Currently serving 150 countries, generating an average of 88 million monthly page views, and achieving high double digit annual growth since inception, its field of focus has grown beyond that of a typical e-commerce entity as it explores the nexus of content, commerce, and culture. More than just a retailer, SSENSE is becoming a cultural protagonist in its own right. 

Job Description

Reporting to the CISO, the Director, Security Engineering will lead security engineering in the Security team.  The Director, Security Engineering is accountable for planning, designing, building and integrating tools and systems that are used to protect SSENSE systems, devices and data.  The role requires embedding security controls in key and relevant project lifecycle and development practices and governing their effectiveness.   The ideal candidate has the ability to see the big picture from both a technical and business perspective, leadership skills to motivate her/his team and other IT teams, technical knowledge to support and guide solutions, engage and foster collaboration with business and technical teams and the foresight to help strategize and drive the team in delivering objectives. As a leader, this role provides the opportunity to drive large projects, influence the technical strategy and collaborate with multiple departments to drive significant business value.

RESPONSIBILITIES

Security Engineering  Activities :

• Manage information security engineering, build and operate DevSecOps, application security in development, infrastructure and data pipelines, on AWS Cloud infrastructure, Google Cloud Platform and on-premise Windows server infrastructure.
• Build and operate application security evaluation processes in the development pipeline to improve the quality of code and on risk managed bases only get promoted to production based on meeting security criteria
• Collaborate with cross-functional teams to ensure that security requirements are incorporated into system and network design, development, and implementation processes.
• Advise on technical expertise and guidance to IT and network engineering teams to ensure that security controls are effectively implemented and maintained.
• Contribute to incident response activities, including investigation, containment, and recovery efforts, as needed.
• Establish training and awareness programs to educate employees and users about security best practices and procedures.
• Lead the teams by managing people, coaching and guiding their career development, and conducting performance assessments, while also wearing the hat of the scrum master, driving the agile ceremonies.
• Partner with the team’s architecture lead, collaborate with the architecture group, development and data teams, to ensure the technical designs conform to the highest standards of quality and cost-efficiency and establish and adopt best practices.
• Drive  delivery of standards and ensure they are defined and enforced throughout the software development lifecycle.
• Drive collaboration with business analysts, data scientists and application development, platform and infrastructure teams within an Agile/Scrum environment.
• Report on the status of security and privacy by design in development, data, and infrastructure practices
• Stay updated on the latest security threats, technologies, and industry trends, and provide recommendations for improving security posture.

People Leadership & Development :

• Drive the Department's mission and vision throughout the teams
• Hold weekly one-on-ones, conduct performance reviews, analyse individual KPIs and assess promotion readiness to help each contributor evolve in their roles
• Work with Senior Leadership to gauge and monitor team engagement and implement solutions to create a transparent, collaborative and productive work environment
• Provide mentorship and development opportunities to team members, catalysing growth through coaching and team building
• Assess current and future team resource needs while developing talent that can scale with the needs of the business
• Partner with Senior Leaders to establish the Resource Plan for the direct team
• Collaborate with Senior Leadership to establish the short term objectives for the department and ensure team's are engaged towards achieving the department's missions

Qualifications

• Bachelor’s degree (BS) or Masters (MS) degree in Computer Science, Engineering, or equivalent
• A minimum of 7 years of experience managing teams delivering complex applications, preferably in a security-related field
• 7+ years of software engineering or operations experience;
• 3+ years experience with infrastructure as code frameworks like Terraform;
• 3+ years experience with software provisioning and configuration tools like Ansible;
• 3+ years experience with cloud platforms like GCP, AWS, or Azure;
• Strong understanding of and experience with Docker and Kubernetes;
• Experience working with databases like Amazon RDS, DynamoDB; PostgreSQL; Amazon DocumentDB; Aurora MySQL; Athena, Redshift, Microsoft SQL server;
• Experience with modern, SOA and micro-services. You prefer asynchronous communication amongst services and are experienced using message queues;
• Experience leading a small team of devsecops engineers;
• Experience conforming to data privacy regulations like GDPR and CCPA

SKILLS

• Proficiency and comfort with MITRE ATT&CK
• Experience with security certifications such as ISO27001/2; Cloud Security Alliance, NIST 800-53; SOC2
• Ability to present complex technical information in a clear and concise manner to a variety of audiences
• Ability to develop individuals as leaders
• Demonstrated analytical skills
• Experience leading and facilitating training