Blue Nile is seeking a passionate and talented, hands-on experienced information security leader to serve as Principal Systems Engineer, Information Security, and build on Blue Nile’s Information Security Program.  In this role, you will be responsible for Information Security across Blue Nile, including application security, assurance, and project security. Scope of role includes Enterprise Client, Server, and Network Security Hardening. In addition, you will be expected to perform/assist in generic security risk assessments and regularly monitor & audit all Information Security processes and controls across all Blue Nile solutions & locations.

Blue Nile seeks candidates who thrive in an entrepreneurial and dynamic environment and demonstrate a record of achievement. The successful candidate will have strong problem solving skills, enthusiasm for learning new technologies, and a strong sense of ownership and responsibility.  Come make your mark at a small company where you have the opportunity to make a difference.

Responsibilities:

• Bring a passion for technology, information security, and protecting customers.
• Developing and maintaining IT and Information Security governance, compliance programs, frameworks, policies, incident management, remediation and audit control
• Architects, designs, implements, maintains and operates information system security controls and countermeasures.
• Serve as Information Security lead on BN projects, with a focus on securing vulnerabilities and reducing risk of system and/or asset compromises.
• Monitor systems for security incidents and vulnerabilities; develop/improve monitoring and visibility; report on incidents, vulnerabilities, trends & overall health of Information Security Program at Blue Nile.
• Manages security compliance assessments and controls testing and oversees remediation of control failures.
• Analyzes and oversees the development of information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems.
• Collaborates closely with peers, partner groups and vendors and develop a culture that strikes a balance at valuing and prioritize information security along with velocity/speed to market.
• Oversees the development and administration of information security training and awareness programs.
• Provide operational leadership, introducing new info security technologies and techniques to the teams
• Mentor, develop and guide Technical & non-Technical team members on designing and developing with Information Security as a focus.

Qualifications:

• Bachelor’s Degree in computer programming, mathematics or a related field or equivalent relevant work experience.
• 8-10 years of security engineering or information security experience
• Strong skills in designing and building scalable, secure system architectures and networks
• Proven understanding of information security risk assessment and technology risk management and compliance procedures and methodologies
• Knowledge of ISO 27001, NIST and other information security standards and ideally have some experience implementing these standards.
• Thorough knowledge of all aspects of information security and compliance including SOX and SSAE 16, ISO 27001/2, and PCI;
• Solid understanding in application security, cloud security, security operations, incident response and infrastructure security
• Experienced in Risk Management principles and the tools to ensure attention is brought to high-risk areas.
• Solid technical background in Windows and MAC environments: Software, hardware, automation, administration
• Strong communication and analytical skills
• Must build productive internal/external working relationships
• Proven ability to operate metrics/goal driven environment, take initiative to achieve goals
• Ability to handle high pressure, prioritize work, and understand impact of duties
• Prefer one of the following certifications: CISSP, CISM, CISA or equivalent
• Prefer experience with both on-prem and cloud environments.

 What we offer

• Medical, Dental, and Vision Healthcare Coverage
• 401(k) with Company Match
• Paid Vacation
• Competitive Salaries
• Business Allowance
• Employee Discount
• Employee Referral Bonus
• Fitness Center Discount