Senior Manager, IT (Cybersecurity Portfolio Delivery)

Our values start with our people, join a team that values you!

We are the nation’s largest off-price retailer with over 2,000 stores, and a strong track record of success and growth. Our focus has always been bringing our customers a constant stream of high-quality brands and on-trend merchandise at extraordinary savings. All while providing a fun and exciting treasure hunt experience.
As part of our team, you will experience:

  • Success. Our winning team pursues excellence while learning and evolving
  • Career growth. We develop industry leading talent because Ross grows when our people grow
  • Teamwork. We work together to solve the hard problems and find the right solution
  • Our commitment to Diversity, Equity & Inclusion, and our community. We celebrate the backgrounds, identities, and ideas of those who work and shop with us because our differences make us stronger. We strive to be a positive force in our community.

Our Corporate headquarters are in Dublin, CA, we have 3 buying offices in key markets in New York City, Los Angeles, and Boston, and 7 distribution centers nationwide. With 2022 revenues of $18.7 billion, we are a Fortune 500 company who is committed to providing an inclusive work environment with continuous learning opportunities and development for our teams.

Come see what’s in store:

The Senior Manager of Cybersecurity Portfolio Delivery reports to the VP of Cybersecurity Engineering and Delivery. In this capacity, they are responsible to deliver the Cybersecurity 5-year capital plan, to manage the vendor renewal process and to oversee the Cybersecurity Portfolio projects to ensure the deliver the scope and within the allocated budget and timeline.

The Cybersecurity Portfolio Delivery Senior Manager is responsible for owning, updating, driving success on strategic planning and project definition for Cybersecurity capital projects as well as cross functional projects, to evolve the Cybersecurity catalog. He or she will exercise wide latitude to assess incoming cross functional project requests, understand the scope of security and the requisite objective & solution and to drive support from respective/all security towers - Host, Identify & Access Management (IAM) and Network Security towers.

The Cybersecurity Portfolio Delivery Senior Manager will lead and govern and the use of SDLC process and templates to strengthen quality execution for Cybersecurity capital projects through timely interactions and guidance for Cybersecurity delivery teams and cross-functional project teams (for relevant Cybersecurity-involved cross-functional project requests). As part of project enablement, this role will evaluate vendor contract renewals and drive use of Strategic Sourcing in Cybersecurity capital projects.

This role will understand existing risks, threats, security exceptions, and our technology landscape to identify and budget for the projects necessary to maintain our existing capabilities and to fund future cybersecurity maturity targets.

This role will oversee the Cybersecurity portfolio activities including risk-driven priorities and needs, budget planning and resource allocation, and the strategic plans needed to leverage capital projects to mature the Cybersecurity portfolio and catalog. They will also inform Cybersecurity leadership of project and portfolio risks and advise and recommend the necessary steps to mitigate them.

This role will manage the Cybersecurity portfolio solutions and will partner with the Strategic Sourcing team to ensure that vendor solutions have appropriate contracts, licensed, procured, and renewed to ensure we are able to meet our security objectives.

The Cybersecurity Portfolio Delivery Senior Manager has strong knowledge of current security space and its essential priorities and how to balance that with the needs for the business, a general understanding of security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research current information on the security landscape.

The base salary range for this role is $138,100 - $228,900. The base salary range is dependent on factors including, but not limited to, experience, skills, qualifications, relevant education, certifications, seniority, and location. The range listed is just one component of the total compensation package for employees. Other rewards vary by position and location.

Cybersecurity Portfolio Strategic Planning

• Drive portfolio leadership in ongoing 5-year strategic planning and road mapping (5YP), and the integration of those plans with 1-year execution plans (1YP)

• Tracking of cross-functional projects within the 5YP and 1YP and coordinating support by portfolio leadership

• Aligning with key areas to identify areas of risk and threats to the Ross environment

• Creation and management of Cybersecurity E&D project templates and accelerators to support timely execution and quality engagement with project stakeholders

• Work with strategic sourcing and portfolio leadership to elevate performance of contracting/subscription processes

• Review contracts prior to signing to ensure that the terms align with the general risk level of the company
Cybersecurity SDLC Execution Manager

• Facilitate consistency in Tower team compliance with SDLC processes and timelines, preparedness for process gates, and engaging with the business

• Manage portfolio budget (capital and expense) monitoring, perform analysis, and identify/report budget risks

• Define metrics for Cybersecurity E&D execution of SDLC processes, drive continuous improvement, and identify opportunities to improve communications and messaging with the business

• Oversee the portfolio projects to ensure they meet the scope, timeline, and budget of pro the projects within the portfolio

• Implement standards to ensure that projects have appropriate testing plans and production validation procedures.
Cybersecurity Catalog & Business Alignment

• Mapping efforts and their prioritization to a Cybersecurity Capabilities matrix to improve understanding of risk

• Ensuring that security capabilities align with business capability needs.

• Facilitate opportunities for Cybersecurity E&D to communicate, align, and socialize early/often with key stakeholders

• Define and capture metrics to elevate portfolio management and support security-related reporting and conversations with the CISO, CIO, and Board


• Building Effective Teams (for managers of People and Projects)

• Developing Talent (for managers of People)

• Collaboration

• Leading by Example

• Communicates Effectively

• Ensures Accountability and Execution

• Manages Conflict

• Business Acumen

• Plans, Aligns and Prioritizes

• Organizational Agility
With particular emphasis on the following specific position-related competencies:

• Project Management

• Analytical Thinking / Decision Quality

• Presentation Skills

• Influencing and Persuasion


• Bachelor's degree in an IT related major or equivalent experience

• Minimum 10 years of experience in an IT related area

• Minimum 10 years of project management experience with a proven track record of successfully delivering projects; experience working on and managing enterprise scale projects in Information Security domain

• Minimum 7 years of experience managing multi-disciplinary teams.

• Broad technical understanding of security capabilities such as: firewalls, proxy, DLP, Malware, FIM, PAM, or SIEM, and identity & access management areas.

• Experience in vendor management, negotiating pricing, and reviewing legal documentation

• Demonstrated experience managing high complexity projects or small programs.

• Conceptual and practical understanding of IT Infrastructure designs, technologies, products, and services. This should include knowledge of networking protocols, operating systems, databases, encryption, and other technologies.

• Experience with delivery of Information security projects in any of the domains - Host/End-point Security, Identity and Access Management, and Network Security

• Technical orientation balanced by project management discipline. Able to supervise internal programmers, analysts, consultants, non-technical business resources and external vendor resources.

• Strong communication skills to be able to discuss security architecture / solution/techniques with cross-functional project teams

• Demonstrated ability to execute financial analysis and manage budgets

• Ability to effectively communicate at all levels of the organization.

• Very good verbal and written communication skills
Preferred Qualifications:

• Certified in PMP/Agile

• Any industry relevant Information security certification (CISSP, CISM)

• Big 4 Cybersecurity strategy consulting experience

This position requires the ability to work in an office environment, including using a computer, attending meetings, working as part of a team, and the ability to communicate with team members and others. Regular attendance also is a requirement of the position.
This role requires regular in-office presence, including attending in-person team interaction, meetings and collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in-office and remote work. #LI-Hybrid


This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management's discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company's overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.