Group Director, Cyber Risk & Security Engineering
CHANEL · New York, United States · 2 wk ago
Information Technology$127k–$195k/yrFull-time
About the role
CHANEL is hiring a Group Director, Cyber Risk & Security Engineering. We are looking for a Security Engineering, Governance and Cyber Risk champion to join our Information Security Team onsite in the New York City area.
Responsibilities
- Play a leading role, reporting directly into the Head of Information Security, in safeguarding the integrity and reputation of The House by ensuring adherence to regulatory requirements, industry standards, and internal policies, while garnering awareness to influence behavior change.
- Collaborate cross-functionally with teams across the enterprise including Tech, Legal, Operations, Retail, and with our global partners to assess risks, implement continuous monitoring programs, and drive a culture of cyber resilience and accountability across the organization.
Requirements
- Demonstrate a unique blend of leadership, information security domain expertise, strong risk management acumen, business judgement, creativity, entrepreneurial spirit, communication skills, and embrace diverse perspectives.
- Extensive hands-on experience in cyber engineering, implementing and managing enterprise security solutions across cloud-native and hybrid environments (Azure, AWS, GCP), networks, and endpoints.
- Advanced expertise with security technologies (SIEM, EDR, PAM, firewalls, encryption), focusing on governance and reporting.
- Deep knowledge of secure communications, identity and access management, and data loss prevention.
- Practical experience applying industry frameworks and standards (NIST 800-53, ISO 27001, CIS) to achieve scalable, business-aligned security outcomes.
- Experience with PCI DSS assessments and readiness (preferred).
- Proven ability to communicate complex technical and risk concepts clearly to senior leadership.
Qualifications
- Bachelor’s degree in computer science, information technology, or equivalent; Security-specific certifications (such as CISSP, CISM, CISA) are preferred.
Skills
- Leadership conducting threat modeling, technical assessments, and remediation.
- Translate technical risks into actionable requirements and behaviors, fostering a culture of secure operations and empowering teams enterprise-wide.
- Build and scale impactful security awareness programs, driving measurable behavior change and elevating security practices across corporate, retail, and operations environments.
- Identify and address information security program gaps, advising on remediation and influencing adoption in partnership with the Head of Information Security.
- Drive a scalable, intuitive approach to identity and access governance, ensuring the right individuals have timely access while minimizing business friction.
- Act as a decisive tech leader, taking informed risks and making recommendations quickly within a complex, matrixed organization.
Benefits
- Wellbeing resources include dedicated paid time off for wellbeing (2-week August Office Closure) and a Wellbeing fund.
- Family and care giving benefits (inclusive of parental leave, fertility support, MilkStork, and Care.com Membership).
- Generous paid time off policies to include vacation, holiday, sick and volunteer days.
- 401K and other incentives.
- Robust healthcare offerings; medical, dental, vision, MDLIVE (virtual care), One Medical, Flexible Spending Accounts (Health Care & Dependent Care), Health Savings Account and Employee Assistance Program.
- Life insurance, Accidental Death & Dismemberment, Short Term Disability, Long Term Disability, Health Advocate, International Business Travel Accident & Medical, and Commuter Transit & Parking.
Pay
The anticipated base salary range for this position is $127,000-$195,000. A base salary is one component of the total compensation for this position. Other forms of variable pay [may/will] be offered for this position. Other components [may/will] include bonus potential, benefits, and/or perks.
Schedule
Hybrid work model with 3 days onsite required.