Posted on: October 11, 2021 | Job#: R10105

Director, Ecommerce and Retail Security

Full time | One Harrison Street, San Francisco, CA, US 94105


We’ll send you to our application portal to get started.

About Gap Inc.

Our brands bridge the gaps we see in the world. Old Navy democratizes style to ensure everyone has access to quality fashion at every price point. Athleta unleashes the potential of every woman, regardless of body size, age or ethnicity. Banana Republic believes in sustainable luxury for all. And Gap inspires the world to bring individuality to modern, responsibly made essentials.     

This simple idea—that we all deserve to belong, and on our own terms—is core to who we are as a company and how we make decisions. Our team is made up of thousands of people across the globe who take risks, think big, and do good for our customers, communities, and the planet. Ready to  learn fast, create with audacity and lead boldly? Join our team.

About the Role

Gap Inc. Technology is the engine driving innovative retail, e-commerce, and global enterprise technology for Gap Inc.’s four renowned brands – Gap, Banana Republic, Old Navy, Athleta. We’re looking for exceptional talent with fresh ideas, cutting-edge skills, and a passion for retail technology. As part of our team, you’ll be exposed to hands-on learning opportunities across all facets of the Gap Inc. Technology organization, working on high-profile, big-impact projects alongside the best technologists and leaders in the industry. Ready to get started?

GapTech Information Security is the global information security function for Gap Inc. inclusive of and across, all Gap Inc. brands. The Ecommerce & Retail Security Director is a member of the Product Security team within GapTech Information Security, and reports to the Head of Product Security. In this role, the Director will cater to the needs of the business, engage with the E-commerce and Retail products, its infra, and developer teams, be responsible for building a strategy for implementing security controls across all 4 customer facing Websites, IOT devices in 2500+ stores, customer contact centers governing and providing technical advisory support across a rapidly modernizing and dynamic hybrid multi-cloud and retail, supply chain environment, ensuring governance and compliance with legal and regulatory requirements, maintain Gap Inc. Information Security policies, standards, and industry best practices.

What You'll Do

  • Manage, mentor, lead and hire Ecommerce and Retail Security professionals to meet the needs of a dynamic  organization to secure and assist our Gap Inc customers.
  • Provide strategic and tactical vision, and execution, focused on incident prevention, detection and response in Gap Inc Selling Channels. 
  • Assess risks and weaknesses and identify security design or implementation gaps in existing customer facing products and services. Direct remediation efforts and operationalize detect-and-response capabilities. You will incept and supervise programs to harden the infrastructure to secure our enterprise and Distribution center systems. 
  • Represent Product Security and InfoSec in product strategy and roadmap development with GapTech's PMs, TPMs and Engineers for our customer platforms.
  • Stay informed about the security landscape – internal and external threats, regulatory requirements, policy changes and other sources – and ensure applications maintain compliance as well as security hardening. 
  • Evaluate fraud technology as well as utilize a variety of software to reduce potential frauds and evaluate efficacy of new tools for fraud insight.
  • Guide technical development of customer facing tools and product features in order to reduce security risk and fraud across the organization.
  • Create a score card about the state of Security of our Ecommerce, stores, Contact center platforms to present it to senior leadership.
  • Drive thought leadership to define clear business problems and customer pain points and influence how we prioritize security solutions to resolve them/mitigate impact.

Who You Are

  • 8+ years of hands-on experience in working with engineering teams on design and implementation of security best practices in Web, mobile and store app and devices.
  • 5+ years of senior level engineering experience working with highly scalable enterprise software, consisting of (3+) years of proven experience working in application security, Ecommerce/web security, mobile applications.
  • Technical Experience in implementing protection against Account Takeover, session hijacking, enumeration, Bots, intrusion detection, supply chain attacks and digital forensics.
  • Broad security-related domain knowledge with authentication and authorization, Customer identity and access management(CIAM), data protection, OAuth/Open ID connect, Web application firewall,RASP, APIs, micro-services. 
  • Extensive understanding in OWASP Top 10, MITRE ATT&CK, NIST CSF, CVSS, CWE criteria and scoring.
  • Have a clear understanding of cloud computing services/deployment architecture, especially Azure, GCP and OCI. 
  • Experience in implementing protections against Giftcard and loyalty fraud, chargebacks etc in selling channels. 
  • Experience implementing controls and mitigating risks related to GDPR, PCI, CCPA and other information security and data privacy standards.

Benefits at Gap Inc.

  • Merchandise discount for our brands: 50% off regular-priced merchandise at Old Navy, Gap, Banana Republic and Athleta, and 30% off at Outlet for all employees.
  • One of the most competitive Paid Time Off plans in the industry.*
  • Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
  • Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
  • Employee stock purchase plan.*
  • Medical, dental, vision and life insurance.*
  • See more of the benefits we offer.

*For eligible employees

Gap Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status. We have received numerous awards for our long-held commitment to equality and will continue to foster a diverse and inclusive environment of belonging. This year, we’ve been named as one of the Best Places to Work by the Humans Rights Campaign for the fourteenth consecutive year and have been included in the 2019 Bloomberg Gender-Equality Index for the second year in a row.


We’ll send you to our application portal to get started.

Browse all jobs

Recently Viewed