Information Security Officer
At Blue Nile, we are passionately driven to reimagine fine jewelry experiences and disrupt the jewelry industry. We live by our values: As One Team, we work together to win. We are Customer Obsessed, passionately and transparently helping our customers find their perfect piece. We act with speed and quality, with attention to every detail, and are driven to disrupt; our curiosity, creativity and willingness to innovate and learn drive our business. We bring a modern approach to life’s most important traditions because our customers deserve better. They deserve an exceptional experience, one that leaves them feeling happy and confident that they’ve found the perfect piece for their love.
Technology & Info Security are core to enabling and scaling Blue Nile’s customer experience. We operate online in over 40 countries and manage 10 showrooms in the US. The successful candidate will have strong problem-solving skills, enthusiasm for learning new technologies, and a strong sense of ownership and responsibility. Come make your mark at a small company where you have the opportunity to make a difference.
Responsibilities:
- Develop an enterprise-wide security program, including Cyber Security Operations, compliance standards, governance and real-time analysis of threats.
- Expand Information system security controls and countermeasures. Identify, track & manage incidents, including investigation, forensics & mitigation strategies.
- Develop a culture that advocates for Cyber security across Blue Nile & with leadership.
- Liaise closely with Blue Nile Safety, Security & Loss Prevention teams.
- Mentor, develop, train & guide cross functional teams with Information Security as a focus.
- Demonstrate a passion for technology, information security, and protecting customers.
Qualifications:
- Bachelor’s Degree in computer science or a related field; Master’s in Security or MBA preferred
- 8-10 years of security engineering or information security experience
- Knowledge of common information security & compliance frameworks including SOX and SSAE 16, ISO/IEC 27001/2, NIST and PCI
- Certified Information Systems Security Professional (CISSP), Certified Info Security Manager (CISM) or Certified Info Security Auditor (CISA) preferred
- Understanding of DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies
- Experience with coding practices, ethical hacking and threat modeling
- Understanding of firewall and intrusion detection/prevention protocols
- Experience with on-prem and cloud architectures
- Ability to work in a fast-paced environment and to be resourceful in achieving success while prioritizing and managing multiple responsibilities
What we offer:
- Medical, Dental, and Vision Healthcare Coverage
- 401(k) with Company Match
- Paid Vacation
- Competitive Salaries
- Business Allowance
- Employee Discount
- Employee Referral Bonus