Information Security Specialist – New York City (Hybrid)
Our client—a global leader in apparel and retail with a portfolio of internationally recognized brands—is undergoing a major digital transformation to optimize operations worldwide. As part of this evolution, the organization is strengthening its global security posture and building a unified, enterprise-wide framework for secure system development and operations. Occasional availability for remote meetings with global teams off hours is necessary when needed.
We are seeking an Information Security Specialist to join the New York City team. This role is ideal for a security professional who can evaluate complex IT environments, identify and assess risks, and drive the implementation of effective security controls in close collaboration with global IT and business stakeholders.
The Information Security Office plays a critical role in safeguarding customer data and internal confidential information. Operating across multiple regions, the team establishes security standards, delivers training, monitors compliance, and leads global initiatives to reduce risk across the enterprise. Rather than focusing on local optimization, the office develops holistic, group-wide security strategies that support a broad range of business functions and technologies. This position is part of the Global Headquarters team and will also support select initiatives within the North America Information Security Office.
While the primary focus is IT security, this role will also engage with the GRC (Governance, Risk & Compliance) domain. The specialist will serve as a key communication bridge—coordinating between Global Headquarters and North American security teams to enhance governance, risk oversight, and global security alignment. (Note: this is not a direct GRC execution role.)
Key Responsibilities (IT Security Focus)
g
Depending on experience and strengths, responsibilities may include:
• Implementing and enhancing cybersecurity technologies
• (e.g., WAF, AntiBot, Email/Web/Endpoint security)
• Deploying and expanding insider-threat prevention solutions
• (e.g., DLP, CASB, Data Security tools)
• Building and managing log monitoring infrastructure and developing monitoring content
• Planning and executing security assessments and cyberattack simulations
• Investigating and responding to security incidents
• Supporting additional information security initiatives tied to enterprise risk management
