Sr. Director, Cyber Security

• Oversee threat & vulnerability management, security ops, and application security teams.
• Develop and execute a comprehensive cyber risk management strategy, providing a holistic view of our enterprise's risk posture to align with Foot Locker’s overall security objectives.
• Identify key risk indicators (KRIs) for the cyber risk management strategy, to continually monitor our cyber program's risk posture and health.
• Assess and prioritize cyber risks, setting risk tolerance levels and devising mitigation strategies, including those reported by external scoring services.
• Define and maintain policies, standards, and procedures for cyber risk management.
• Conduct regular risk assessments and audits, identifying gaps and recommending appropriate risk mitigation measures.

• Lead incident response planning and oversee efforts to respond to and recover from cyber incidents swiftly.
• Stay informed about emerging cyber threats, industry trends, and regulatory changes.
• Coordinate with internal teams to ensure effective implementation of cybersecurity controls.
• Ensure compliance with applicable laws, regulations, and alignment with industry standards (e.g., GDPR, ISO 27001, NIST, etc.).

• Build out the application security strategy and capabilities; collaborating with software engineering, devops and other executive technology stakeholders to define best practices, tools and roles.
• Provide oversight and guidance for all aspects of application security; including vulnerability assessments, code reviews, penetration testing and vulnerability remediation.
• Collaborate with external partners, vendors, and industry experts to enhance our cyber risk management capabilities.

• Cultivate a culture of cybersecurity awareness and champion best practices throughout the organization.
• Present enterprise risk assessment data and recommendations to executive leadership and committees.

• Bachelor's degree in Computer Science, Information Security, or a related field (Master’s degree preferred).

• 8+ years of experience in leading application security and cyber risk iniatives.
• 5+ years building and managing distributed application security and threat vulnerability teams.
• Security certifications such as CISSP, CISM, or equivalent are a plus.
• Experience in Secure Access Service Edge (SASE), Cyber Threat Management (e.g., Nessus, Veracode), Security and Data Analytics (e.g., Splunk Cloud), Security Automation and Orchestration (e.g., Splunk SOAR), and Identity and Access Management (e.g., ForgeRock, SailPoint, CyberArk).
• Expertise in operating, configuring, and deploying security operations capabilities and systems within a Security Operations Center (SOC).

• In-depth understanding of industry standards, frameworks, and regulations related to cybersecurity (e.g., NIST, ISO, GDPR, MITRE, Cloud Security Alliance).

The annual base salary range is $170000 - $210000 / year. This range represents the anticipated low and high end of the salary for this position. This role is also eligible to receive short term incentives that align with individual and company performance. Salary will be determined by the education, experience, knowledge, skills, and abilities of the applicant, internal equity, and alignment with market data. Salary is one component of the Foot Locker, Inc. total compensation package, which includes the below.

Foot Locker Benefits:

Employee Discount

Paid Time Off

Medical | Dental | Vision Coverage

401(k) | Roth 401(k)

Stock Purchase Plan

Life Insurance

Flexible Spending Account

Opportunities for Advancement

Tuition Reimbursement for Qualified Courses

Strong Company Culture

Employee Resource Groups