DIRECTOR, DIGITAL COMMERCE Job Listing at Dollar General in Goodlettsville, TN (Job ID 2025-333642)

Description

Work Where You Matter: At Dollar General, our mission is Serving Others! We value each and every one of our employees. Whether you are looking to launch a new career in one of our many convenient Store locations, Distribution Centers, Store Support Center or with our Private Fleet Team, we are proud to provide a wide range of career opportunities. We are not just a retail company; we are a company that values the unique strengths and perspectives that each individual brings. Your difference truly makes a difference at Dollar General. How would you like to Serve? Join the Dollar General Journey and see how your career can thrive. Company Overview:

General Summary:

The Senior Manager will play a pivotal role in maintaining the safety and integrity of the Company's infrastructure and data. This role requires an individual with a robust background in the management of infrastructure security, who is also a strategic thinker with exceptional problem-solving capabilities. They must possess superior leadership skills in both technology and people management, capable of motivating teams into action. Their communication skills will be vital in conveying security concepts in a clear, concise manner across technical and non-technical layers of the company, whether in person or in writing.

The Senior Manager of Infrastructure Security will:

• Develop and lead the implementation of the Infrastructure Security team's strategies in a pragmatic, risk-focused mindset with correlative understanding to drive risk-appropriate decisions for the business; drive compliance with internal security standards and applicable regulatory requirements; work as part of the information security leadership team to administer information security program; recommend, implement, administer, and support appropriate security controls to meet evolving information security objectives.
• Manage infrastructure security team personnel and associated programs (e.g., applicable policies and procedures, cybersecurity consultation and advocacy; risk monitoring, analysis, reporting, mitigation planning, and coordination; and team, personnel, financial, and vendor relationship management).

Duties & Responsibilities:

• Lead the development and implementation of infrastructure security controls to protect the Company's infrastructure and data assets. Maintain applicable regulatory infrastructure security control requirements. Collaborate with other departments to integrate appropriate security measures into the Company operations. Develop and maintain appliable security standards and procedures. Remain current with the latest security trends, technologies, techniques, and best practices. Oversee the implementation and management of security tools and technologies. Coordinate and manage security appropriate incident response activities. Manage relationships with external security vendors and service providers. Participate in the development and execution of applicable disaster recovery and business continuity plans. Monitor and report on the effectiveness of security measures and make recommendations for improvements. 
• Manage and develop an effective, pragmatic infrastructure security team; develop, maintain, and evangelize applicable and measurable security procedures; manage financial resources; drive team success through effective metrics and clear performance expectations and indicators; and manage internal customer engagement and service delivery. 
• Represent the information security department through pragmatic consultation and participation in a defined SDLC, promoting infrastructure security best practices and standards.
• Promote security best practices via awareness and leadership by example; monitor compliance with policies and regulatory requirements; maintain audit readiness; support internal and external auditors through effective and timely fulfillment of audit requests; and assist in the development of audit responses and action plans.

Knowledge, Skills and Abilities (KSAs):

• Excellent writing communication and interpersonal skills, with the ability to explain complex security concepts in audience-appropriate (e.g., technical vs business) terms to technical and non-technical audiences across multiple levels.
• Proven, effective team building abilities to drive team cohesion, accomplishment of the mission, and inspire team members to work together with a sense of urgency and purpose and individually with genuine curiosity, initiative, and motivation to succeed.
• Strong analytical and problem-solving skills.
• Strong understanding of current and emerging application security and general information security best practices, technologies, techniques, trends, threats, and countermeasures.
• Strong negotiation skills (e.g., driving internal security recommendations, external vendor action, etc.).
• Strong understanding of effective, pragmatic infrastructure security controls; risk management and compliance strategies and techniques; and PCI, HIPAA, and SOX regulatory requirements.
• Ability to learn and retain new skills to adapt to evolving business, technical, risk, and security needs.
• Ability to work occasionally during non-standard shifts, in an on-call capacity, and able to travel occasionally.

Work Experience &/or Education:

• College degree or equivalent experience in information security.
• Minimum seven years of information security experience with at least five years focused on infrastructure security and at least three years in an information security management role with a proven record of managing and leading a team of security professionals.
• Extensive hands-on experience with data, network, and system security tools and technologies.
• Strong understanding of security frameworks and standards, such as NIST and ISO 27001.
• Hands-on experience with cloud security and similar emerging technologies.
• Hands-on experience with security automation and orchestration tools.
• Hands-on experience with security incident response and management.
• Knowledgeable about third-party risk management.
• Knowledgeable about DevSecOps practices and principles, specifically infrastructure as code.
• Understanding of data privacy regulations and their impact on infrastructure security.

Preferred:

• Active CISSP, CISA, or CISM certification.
• Work experience in an enterprise-class environment.