Director, Information Security at Rent the Runway
Rent the Runway is transforming the way modern women get dressed and disrupting the $2.4 trillion global fashion industry by enabling women to rent, versus buy, clothing. Founded in 2009 with a vision to build the world’s first living closet, RTR believes that women everywhere will soon have a subscription to fashion. Rent the Runway has pioneered a new industry by transforming the traditional model of clothing consumption, making apparel rental an indispensable utility while also powering women to feel their best every day. RTR offers apparel, accessories and home decor from over 700 designer partners and has built in-house proprietary technology and a one-of-a-kind reverse logistics operation. Under CEO and Co-Founder Jennifer Hyman’s leadership, Rent the Runway has been named to CNBC’s “Disruptor 50” five times in ten years, and has been placed on Fast Company’s Most Innovative Companies list multiple times.
About the Role:
Reporting into the Chief Technology Officer (CTO) you will oversee the continued design, build, and deployment of a next-generation multi-pronged IT, Security and Compliance departments.
What You’ll Do:
- Lead the on-going strategy, planning, development , implementation, and maintenance of our IT engineering and security road maps
- Ensuring the confidentiality, integrity, and availability of the data residing on or transmitted through enterprise applications, workstations, servers, databases and other systems.
- Engaging with and influencing the development of applications that run the RTR ecommerce, warehouse, and core business.
- Building IT and Application Security requirements by evaluating business strategies and needs, researching information security standards, conducting system security and vulnerability analyses and risk assessments, studying architectures/platforms, identifying integration issues, and preparing cost estimates etc.
- Planning for IS applications and systems by evaluating every layer of off custom and off the shelf applications, networks and security technologies
- Leading and/or contributing to the creation and maintenance of the enterprise’s Information Security and Compliance documents (policies, standards, guidelines and procedures)
- Supervising the design and execution of vulnerability assessments, penetration tests, and security audits
- Performing assessments of Enterprise Security programs and making strategic recommendations and priority recommendations related to improvements
- Preparing for and presenting at Executive Leadership Meetings
- Engaging in ongoing communications with peers in Application Engineering, Information Technology and the various business stakeholders to ensure enterprise wide continuity
- Managing relationships with third party service providers, including negotiation of contracts/vendors and evaluation of third-party risk related to privacy and Information Security practices.
- Ensuring a robust governance process for deploying information security technologies and processes, including integration of legal, regulatory, and local organizational requirements
- Maintaining up-to-date knowledge of the IT and Security industry, including awareness of innovative information security solutions/processes, emerging standards, and new threat vectors by reading professional publications, maintaining personal networks, and participating in professional organizations
- 5+ years of demonstrated Information Security experience
- 5+ years in a consumer focused technology company
- 10+ years of leadership and management experience
- Bachelor’s and/or Master’s degree in Information Security, Computer Science, Engineering, Technology or a related technical field
- Demonstrated experience in enterprise solutions and implementation of technology and process solutions to reduce the potential risk of data compromise and network viability
- A demonstrated ability to integrate various information security, application, network and data protection technologies and controls into solutions to mitigate risk
- Significant experience in information and/or network security, including hands on experience in security systems (e.g. firewalls, intrusion detection systems, endpoint software, authentication systems, log management, content filtering, etc.)
- Proven working experience in building and maintaining enterprise security programs and IT infrastructure
- Demonstrated experience in delivering comprehensive solutions to complex security issues on a global scale
- Nice to have : CISSP or similar information security certificate (e.g. CRISC, CISA, CEH, CISM)
At Rent the Runway, we’re committed to the happiness and wellbeing of our employees, and aim to create a workplace that fosters both personal and professional growth. Our benefits include, but are not limited to:
- Generous Paid Time Off including vacation, paid bereavement, and family sick leave - every employee needs time to take care of themselves and their family.
- Universal Paid Parental Leave for both parents + flexible return to work program - because we know your newest family member(s) deserve your undivided attention.
- Paid Sabbatical after 5 years of continuous service - Unplug, recharge, and have some fun!
- Comprehensive health, vision, dental, FSA and dependent care from day 1 of employment - Your health comes first and we’ve got you covered.
- Industry leading 401k match - an investment in your future.