Director - Security Risk & Posture Management
Issaquah, WA, US
Full Time Executive-level / Director USD 160K - 203K
Costco Wholesale
Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed.
This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.
Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.
As a member of the IT Management Team, you are responsible for managing, developing, and leading a team of employees. Your role includes leading the specific functional responsibilities of your team, which involves overseeing team performance and deliverables. However, your role as a leader within our organization requires more than the management of resources and day-to-day operations. As a steward of the company, you are charged with the development and execution of your team’s strategic vision and plan and ensuring that your team’s actions align with the larger goals of the company and the IT Division.
Costco’s Information Security and Compliance organization is seeking a highly motivated and collaborative Director of Security Risk & Posture Management with a pragmatic, self-starter mindset. This person is responsible not only for driving the overall strategy, development, implementation, and management of security risk management, but also for leading efforts to mature Costco’s security posture against industry best practices and ensuring ongoing engagement with Costco holistically. This role will drive strategic initiatives and alignment across security risk management, third-party risk, and vulnerability management, using that data to drive outcomes and building relationships through leading the security engagement team.
As the primary conduit between your employees and upper leadership, your role in communicating and modeling the values and guiding principles of our company culture is of vital importance. All members of IT Management should strive to consciously and consistently foster a culture of engagement, trust, and “open door” communication.
If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.
ROLE
● INTEGRITY: When achieving benchmarks and goals, use methods/strategies that are consistent with the Code of Ethics and the Standard of Ethics for Managers and Supervisors. Always leads by example. Appropriately handles employee concerns and follows through to resolution.
● MEMBER SERVICE: Provides and ensures staff provides an exceptional member experience.
● ADMINISTRATION: Ensures proper department coverage (writing schedule and break aids if needed). Understands department budget, able to research and explain budget variances.
● MANAGING PERFORMANCE: Coaches and mentors employees to provide support and guidance. Has regular open and honest conversations with employees to discuss work performance and career development. Identifies learning opportunities to strengthen employee knowledge, skill, and ability.
● COMMUNICATION: Regularly shares information with employees via meetings and one-on-one conversations. Successfully navigates difficult conversations with employees, members, and suppliers. Listens, expresses empathy, and adapts to get points across. Addresses issues immediately to ensure a timely resolution and to avoid escalating the situation. Consistently demonstrates business knowledge during interactions with senior management.
● SELF-MANAGEMENT: Demonstrates sound judgment, taking a partner when necessary. Ability to maintain self-control in the face of hostility or provocation or in intense, hectic situations.
● INCLUSION: Encourages different approaches and ideas to work and to accomplish goals. Seeks employee input. Takes the time to get to know or reach out to candidates who show potential that may not come forward on their own.
● COMPLIANCE AND SAFETY: Takes measures to ensure employee and member information is kept confidential and adheres to IS security policy.
● LEADERSHIP & STRATEGY:
○ Defines and implements a long-term strategy for security risk and posture management.
○ Leads a team of security and risk professionals, fostering innovation and collaboration.
○ Provides regular reporting to executive leadership on security risk, trends, and key performance metrics.
○ Stays updated on industry trends, regulatory requirements, and emerging threats to ensure continuous improvement in the security risk space.
● SECURITY RISK MANAGEMENT:
○ Establishes and implements an enterprise security risk management strategy, in collaboration with Costco’s enterprise risk and internal audit functions.
○ Leads the identification, assessment, and mitigation of cybersecurity risks in alignment with business objectives and compliance requirements.
○ Partners with internal stakeholders to automate the assessment of and integrate security risk considerations into decision-making processes.
● THIRD-PARTY RISK MANAGEMENT:
○ Leads the evaluation of third-party vendors, ensuring compliance with security policies and industry standards.
○ Establishes cross-functional governance mechanisms for third-party risk identification, mitigation, and response.
○ Develops the integration of third-party risk into overall security risk management to drive overall risk to the enterprise.
● VULNERABILITY MANAGEMENT:
○ Oversees the strategic direction of Costco’s vulnerability management program, including scanning infrastructure, to ensure timely identification of security vulnerabilities, gaps, and misconfigurations.
○ Develops proactive capabilities to anticipate and address emerging risks.
○ Establishes risk-based prioritization models and reporting for patch management and vulnerability remediation.
● SECURITY ENGAGEMENT/BUSINESS SECURITY PARTNERS:
○ Leads a team of Business Security Partners (BSPs) to drive security outcomes and awareness, while also ensuring visibility into activities and road-maps of business units and departments across Costco.
○ Builds strong relationships with department leadership, ensuring alignment and partnership; treats the business units and departments as our ‘customer’.
○ Acts as a strategic advisor and provides the business visibility into current security posture.
● This is a full-time management/leadership position (45+ hours per week).
REQUIRED
● 12+ years of relevant information security and risk/compliance experience, with a demonstrated depth of skill in security control concepts and frameworks (e.g. NIST, CIS, ISO 27xxx).
● Proven leadership experience in managing cybersecurity or technical risk/compliance teams, with the ability to lead with vision but the willingness to help with execution.
● Ability to appropriately calibrate and communicate the urgency of matters, particularly when there are many competing priorities.
● Technical security and compliance/risk knowledge with the ability to recognize, analyze and troubleshoot issues, and articulate those to both technical and non-technical audiences.
● Capable of working with diverse teams and promoting a positive, enterprise-wide security culture.
● HIPAA Training and Supervisors Orientation (within 30 days of hire); Leadership Development 101 (within one year); Costco Pay Policies (within 90 days of promotion).
Recommended
● One or more certifications with necessary skills related to compliance and security, such as CPA, ISA, CISA, CISSP, CIA, etc.
● Previous work with both legacy and emerging technology solutions.
● Exposure to cloud providers (Google Cloud Platform, Microsoft Azure), virtualization, and security management preferred.
● Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.
Required Documents
● Cover Letter
● Resume
California applicants, please click here to review the Costco Applicant Privacy Notice.
Pay Range: $160,000 - $203,000, Bonus and Restricted Stock Unit (RSU) eligible
We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.
Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com
If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.
Tags: Azure CIA CISA CISSP Cloud Compliance GCP Governance HIPAA NIST Privacy Risk management Strategy Vulnerabilities Vulnerability management
Perks/benefits: Career development Equity / stock options Health care Insurance Salary bonus Team events