Cybersecurity & Privacy Program Lead

FASHIONPHILE | Los Angeles, CA
1d | $140,000 - $160,000 | Onsite

About The Position

FASHIONPHILE is looking for a Cybersecurity & Privacy Lead to build, manage, audit and continuously improve the company’s cybersecurity and privacy programs. This standalone security role is also accountable for incident response and vendor management to ensure compliance across privacy, security and contracts / renewals.

Requirements

  • Bachelor’s Degree or equivalent and relevant experience
  • 8+ years cybersecurity experience spanning multiple domains
  • Demonstrated experience owning security and privacy outcomes in a lean or standalone security role
  • Demonstrated ability to build and operate a right-sized cybersecurity and data privacy program, including governance, policy development, risk assessment, remediation tracking, and executive reporting
  • Demonstrated knowledge of privacy program fundamentals such as data mapping support, retention alignment, lawful processing considerations (in partnership with Legal), and responding to customer or partner assurance requests
  • Strong working knowledge of identity and access management practices (single sign-on, multi-factor authentication, privileged access, access reviews, and timely deprovisioning)
  • Proven leadership in managing incident response activities, including coordination with external partners (forensics, legal, cyber insurance, and service providers) and internal communications
  • Ability to translate technical risk into business impact and drive cross-functional execution without direct authority
  • Familiarity with commerce security and fraud-related risk

Nice To Haves

  • Retail, e-commerce, marketplaces, payments, or consumer brands, including operating security, privacy, and compliance controls in a high-volume customer environment - Preferred
  • Audit readiness and compliance evidence coordination experience (for example PCI-related coordination as applicable and customer assurance requests) - Preferred
  • Certifications: CISSP, CISM, CCSP, or cloud security certifications (AWS or Azure); privacy and compliance certifications a plus (CIPP/US, CIPM, or CRISC), and/or PMP

Responsibilities

  • Building and managing the cybersecurity, risk and privacy programs, including strategy, governance, policies and the risk register, tracking metrics, and executing a prioritized roadmap aligned to company priorities.
  • Auditing access management practices, privileged access, access reviews, asset management, configuration management and onboarding/offboarding processes
  • Leading incident response, including playbooks, incident coordination, communications support, exercises, and post-incident improvement tracking
  • Establishing and operating a data protection program for customer and company data, including data classification, secure handling and sharing requirements, and DLP strategy and monitoring for sensitive data movement.
  • Building and running third-party risk management for critical vendors, including due diligence, contract security requirements, contract renewal reviews, and ongoing issue management and escalations

Benefits

  • Medical, Dental and Vision Coverage
  • FSA options for Medical, Dependent Care & Commuter Benefits
  • Paid Time off, Paid Sick Time, and Paid Holidays
  • 401(k) with generous match program
  • Free Life Insurance and AD&D
  • Long Term Disability Insurance
  • Employee Discount