The Opportunity
As the Director of Information Security, you will lead the design, implementation, and oversight of our global information security strategy to protect the confidentiality, integrity, and availability of data across our systems and software platforms. You will oversee the development and execution of security programs that align with regulatory requirements, industry best practices, and company goals. This is a hands-on leadership role, requiring both strategic vision and technical expertise to build a culture of security within the organization.
You will play a pivotal role in securing our transition from monolithic platforms to modern architectures with microservices and event-streaming, on Microsoft Azure. This includes securing modern data paradigms, ensuring compliance, and mitigating risks inherent to a retail technology company operating globally.
While frequent travel is not expected, there will be required visits to our sites in the US, Europe and Worldwide; mainly focused in Madrid, Dublin and New York.
Responsibilities
Strategic Leadership
Develop, implement, and maintain the organization's information security strategy and roadmap, aligned with business goals and regulatory requirements.
Provide thought leadership on emerging threats, technologies, and regulatory changes to ensure proactive adaptation.
Define and enforce a comprehensive cybersecurity governance framework, including policies, standards, and controls.
Risk Management & Compliance
Lead risk assessments to identify, evaluate, and mitigate information security risks across global operations.
Ensure compliance with relevant regulatory frameworks, such as GDPR, ISO 27001, and PCI DSS.
Establish and monitor security metrics, creating regular reports for senior leadership and stakeholders.
Program Management
Oversee the design and implementation of security programs, including:
Cloud Security: Focus on securing Azure services, including CosmosDB, Azure Functions, and Event Hubs.
Application Security: Collaborate with architecture and engineering teams to embed security into SDLC processes.
Data Security: Ensure the protection of sensitive customer and enterprise data through robust encryption, anonymization, and access control mechanisms.
Establish and manage a Security Operations Center (SOC) to detect, respond to, and recover from cybersecurity incidents.
Incident Management
Develop and maintain the organization’s incident response plan, coordinating with cross-functional teams during incidents.
Lead post-incident reviews, identifying root causes and implementing improvements.
Team Leadership
Build and mentor a high-performing information security team, fostering a culture of accountability and continuous learning.
Partner with IT, data, and business leaders to embed security into all aspects of the organization.
Vendor and Third-Party Management
Evaluate and manage third-party security risks, ensuring vendors meet the organization’s security standards.
Education and Advocacy
Champion a security-first culture, conducting training and awareness programs across the organization.
Act as the organization's security evangelist, promoting the importance of cybersecurity to both internal and external stakeholders.
Requirements
Technical Expertise
Solid understanding of modern cloud architectures, including event-driven and microservices models.
Experience with cloud security technologies (Azure security tools such as Sentinel, Defender for Cloud, and Identity Protection).
Proficiency in data security practices, including encryption, data masking, and secure data integration.
Knowledge of application security principles, such as OWASP Top Ten and secure coding practices.
Familiarity with threat detection tools and SIEM platforms.
Strategic and Operational Skills
Demonstrable experience in cybersecurity risk management and mitigation.
Strong knowledge of regulatory frameworks in the EU and globally (e.g., GDPR, ISO 27001, PCI DSS).
Ability to align security strategies with broader business and technology goals.
Soft Skills
Exceptional communication and stakeholder management skills, including experience presenting to senior leaders.
Strong problem-solving and decision-making abilities in high-pressure situations.
Proven leadership and team-building capabilities, encouraging collaboration and innovation.
Preferred Qualifications
Bachelor’s or Master’s degree in Cybersecurity, Information Systems, or a related field.
Relevant certifications, such as CISSP, CISM, CCSP, or ISO 27001 Lead Implementer/Auditor.
Experience in the retail technology sector, with a solid understanding of its unique challenges and threats especially within e-commerce technologies.
About ESW
Our purpose is simple: to create moments that matter between people and the brands they cherish. We enable brands to expand their global reach, facilitating simple and seamless ecommerce experiences for consumers worldwide. Through our integration solutions, we deliver a complete international checkout experience, including local duties, taxes, fulfilment, delivery management, and global returns and payment processing capabilities.
Guided by our values—Own It, Champion Simplicity, Win as One, and Debate then Commit—we strive to foster innovation, accountability, and teamwork, creating solutions that inspire trust and drive impactful results.
Why join us?
Competitive salary and benefits: Your financial well being is important to us. Join ESW and experience the satisfaction of being rewarded for your hard work, dedication and commitment.
Professional and personal development: Find your spark and leave your mark. We will ensure your talent is nurtured and cultivated for growth and success throughout your career with ESW.
Hybrid Working: Our Hybrid Working Model empowers you to embrace the flexibility of hybrid working and enjoy the best of office and remote work.
Diversity, Belonging & Inclusion: When we win, we win together. You'll be part of a culture that values every individual for who they are, fostering an environment where uniqueness is encouraged.
ESW is an equal opportunity employer, and we’re proud of our ongoing efforts to foster diversity, equity, & inclusion in the workplace. Individuals seeking employment and employees at ESW are considered without regard to race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, disability, military or veteran status, or any other characteristic protected by applicable law.
If you require any reasonable accommodations or adjustments throughout the hiring process, please let us know. We are dedicated to ensuring equal access and opportunity for all candidates.#LI-hybrid #LI-AL1