Director Information Security - Engineering and Delivery

Welcome to Ross Stores, Inc., where our differences make us stronger… At Ross and dd’s, inclusion is a way of life. We care about our Associates and the communities we serve and we value their differences. We are committed to building diverse teams and an inclusive culture. We respect and celebrate the diversity of backgrounds, identities, and ideas of those who work and shop with us. Come join us as we continue our diversity, equality and inclusion journey!

The Information Security Engineering and Delivery team is responsible for the business of security across Host Security, Identity & Access Management (IAM) and Network Security. Its responsibilities range from security technology roadmaps and vendor/budget management, to delivering new security solutions and capabilities from architecture through production, to administering all security services, including executing enhancements, upgrades, break-fixes and transition to Security Support & Security Operations.
The Director role within this team is responsible for leading the Host, Identity & Access Management (IAM) and Network Security teams. He/she is responsible for overall Information Security programs and provides the leadership required to execute the implementation of solutions that address current and future security needs across the enterprise to protect the business. The Director serves as an internal business consultant in support of evolving the company's security capabilities and services. This is a highly visible role with IT executives that interfaces directly with the business community. He/she will have deep expertise in industry best practices across the various aspects of IT and Security, trends, retail knowledge and the ability to implement solutions to enable key business strategies. Proven track record and ability to balance desired end-state capabilities within program/environment constraints and with a pragmatic lens.


• Provide direction for program management activities requiring budgeting and resourcing input across all IT teams.

• Help influence and set strategic direction for the company. Work with business and IT owners to help define, develop and maintain strategic and tactical programs and plans.

• Lead & mentor a team of security engineering and project delivery resources, to drive the execution of the technology roadmap, mature and optimize existing security capabilities, and ensure stability of solutions to continue protecting the business.

• Own and administer the Information Security expense and capital budget, and 5-year plan.

• Guide the extended Architecture, Engineering, and Application teams through the delivery processes and procedures.

• Own and administer the resource plan, factoring in the dynamic demands on the team, team limitations and priorities in partnership with Infosec VP, Chief Security Architect, iGRC & Cyber Defense teams.

• Stay current with retail and security technology industry trends and lead the adoption of strategic technologies across all IT stakeholders.

Security Engineering: Host, Network Security & Identity & Access Management (IAM)

• Set direction to improve security functionality of existing infrastructure.

• Engage the extended Architecture, Engineering, and Application teams through the delivery processes and procedures.

• Lead the team to ensure a current roadmap and strategy exists for each service in as well as gaps in security that need to be remediated.

• Ensure the security infrastructure availability.

• Ensure security infrastructure is achieving defined security objectives.

Security Delivery: Host, Network Security & Identity & Access Management (IAM)

• Ensure that projects are resourced, and effectively staffed to meet or exceed expectations of scope, schedule and budget.

• Provide ongoing support and leadership in resolving risks and issues related to the programs throughout execution.

• Innovate and iterate on program execution methodology to provide continuous improvement opportunities.

• Provide demand management for Technology Resources, Bill of Material across all enterprise projects.


• Building Effective Teams (for managers of People and Projects)

• Developing Talent (for managers of people only)

• Collaboration

• Leading by Example

• Communicates Effectively

• Ensures Accountability and Execution

• Manages Conflict

• Business Acumen

• Plans, Aligns and Prioritizes

• Organizational Agility

With particular emphasis on the following specific position-related competencies:

• Strong influencing skills, both within the IT organization and business units

• Solution oriented; on-time and on-budget win-win mentality

• Customer centric approach with a drive for results and quality of work

• Self-critical, able to evaluate past failures objectively with focus on continuous improvement

• Strong interpersonal skills


• At least 10 to 15 years of experience in Information Security with demonstrated and progressive responsibility and influence.

• Broad knowledge of major technologies, platforms, and systems.

• Demonstrated experience in delivering enterprise-wide solutions.

• Experience managing team members with multiple levels of seniority/management.

• Experience managing service providers/integrators, including offshore services.

• Demonstrated experience in the development of solution programs/projects.

• Strong analytical ability, judgment, and problem analysis techniques.

• Strong communication skills, both written and verbal, and able to operate effectively with VP and above executives.

• Strong interpersonal skills with the ability to work effectively in a matrixed organization.

• Ability to work with teams that are geographically distributed.

• Demonstrated ability to execute financial analysis, such as TCO models and ROI.

• Technically competent; able to supervise and inspire other senior technologists.

• Some travel may be required.

• Bachelor's degree required. Advanced degree or equivalent work experience preferred.

Preferred Qualifications:

• Experience with project/program management tools, budgeting/forecasting, and resource/demand management.

• Working knowledge of security operations principles.

• Understanding of regulatory compliance such as PCI and SOX.

• Some professional services / consulting experience.

• CISSP, CISM or similar security certification preferred


• Job requires ability to work in an office environment, primarily on a computer.

• Requires sitting, standing, walking, hearing, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.

• Consistent timeliness and regular attendance.

• Vision requirements: Ability to see information in print and/or electronically.

• This role requires regular in-office presence, including to engage in in-person team interaction, meetings and collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in-office and remote work.


• Managing the recruitment, retention, and career development of internal staff.

• Managing, mentoring, and leading professional services staff as needed

This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management's discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company's overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.