QUESTIONNAIRE-6-38

03

Serving the needs of all families with young children, Carter’s Inc. is the largest North American apparel retailer exclusively for babies and young children, encompassing Carter’s, OshKosh B’gosh, Skip*Hop and Little Planet brands. Meaningful work, constant learning, genuine people, and a community guided by core values that promote inclusion and innovation is in everything we do. There are many reasons to build your career at Carter's.

How you’ll make an impact:

The Senior Manager of Security Operations & Engineering reports to the Senior Director of Information Security Services and is responsible for ensuring a stable, secure computing environment, promoting high levels of end user satisfaction, by providing the leadership necessary to manage and coordinate the Information Security program. This is a hands-on position, providing the information security services including compliance with SOX/PCI risk management, security incident management, identity and access management, and administration and operations of information security tools and services. Supporting the Sr. Director with vendor contracts tracking and management is also expected in this role. This position is also responsible for researching, interacting, coordinating, and recommending present and future information security solutions with competent vendors who provide information security products and services.

This role typical reports into the Senior Director, Information Security, has five (5) direct reports and is based in our Buckhead office in our hybrid work environment.

IT Policies, Risk, & Compliance - 25%

• Oversees the development, implementation, and maintenance of global security policy, enterprise security standards, guidelines, and procedures for appropriate risk mitigation and to support regulatory and industry compliance (e.g. SOX, PCI, HIIPA).

• Develops and implements the IAM strategy, policies, and procedures to manage user identities and access privileges.

• Collaborates with IT and business units to define and enforce IAM standards and controls across the Carter’s.

• Partners with VP and Senior Director of Security to serve as advisor to executive leadership, Board of Directors, and Audit Committee in the development, implementation, and maintenance of a strong information privacy and security program and infrastructure including network access and monitoring policies.

• Collaborates with Legal Counsel, Internal Audit on compliance, security, and privacy practices, processes, procedures, and protocols; Monitors and reports statuses, and actively participates in audits or reviews as required.

• Must be able to interact effectively with applications teams, peers, and management staff to create application security processes and protocols.

• Assists in developing, managing, and maintaining the capital and operating budget for IT Security, Risk, and Compliance department.

• Be engaged with and understanding of business environment, projects, considerations, and constraints in implementing all policies and associated technologies

• Develop and implement a strategic, long-term information security strategy and roadmap with VP and Senior Director of Security to ensure that the company’s information assets are adequately protected

• Develop business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time

• Oversee incident response planning and the investigation of security incidents, and assist with any associated disciplinary, public relations and legal matters Builds and sustains strong relationships with Carter’s functional and technical teams and serves as a trusted advisor on security

Security Operations Management - 35%

• Responsible for 24/7 security monitoring and threat detection/prevention for the organization

• Develop and report on security operations dashboards, metrics and KPIs relevant to understanding improving Carter’s security capabilities and defense levels

• Foster and manage relationship with 3rd party MSSP/SOC provider to establish a true partnership with Carter’s organization

• Develop business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time

• Evaluate and select IAM technologies and tools to meet business requirements and security objectives.

• Ensure the protection, integrity, confidentiality, and availability of information in the custody of or processed by the Company by: respond in a timely manner to a loss or misuse of information assets; participate in investigations of suspected information security misuse or in compliance reviews as requested by auditors; communicate unresolved security exposures, misuse or noncompliance situations to management.

• Research and consult with key technology suppliers and industry consultants to evaluate, select, install, and configure hardware and software systems that provide appropriate security functions.

• Develop, mentor and manage a high-performing team of security professionals, including Senior Security Engineers and Analysts

Security Engineering - 40%

• Accountable to develop, implement, integrate, and maintain the security strategy and roadmap, including security tools and technologies.

• Provide leadership and management oversight for various security tool deployment and implementation, including, but not limited to, next-generation firewalls, intrusion detection system, security incident & event management system, anti-virus and malware solutions, certificate management, secure email gateway, URL filter, single sign-on & multi-factor solution, identity governance, privileged access management, cloud security and other devices or solutions required for enterprise cyber security.

• Develops emergency procedures and incident response protocols; acts as the control point during significant privacy and security incidents.

• Understands potential threats, vulnerabilities, and control techniques. Monitors network of vendors and employees to ensure the safeguarding of information assets.

• Investigates security breaches, communicates to appropriate executive management and local information privacy and security leadership, and pursues associated legal protocols in relation to any security investigation, incident, or security breach.

• Conducts periodic penetration testing and security audits; establishes risk assessment criteria and methodology.

We’d Love to hear from you if: (Requirements section)

Must have:

• Security Architecture and Engineering: Deep understanding of security technologies (firewalls, IDS/IPS, endpoint protection, etc.), cloud security (AWS, Azure, etc.), and secure infrastructure design to lead engineering efforts and implement security controls.

• Identity and Access Management (IAM): Strong knowledge of IAM protocols and solutions (e.g., Okta, Active Directory, SSO, MFA), governance, and least-privilege principles to ensure proper access control across the organization.

• Security Operations and Incident Response: Expertise in managing Security Operations Centers (SOC), incident response, monitoring, and threat detection using tools like SIEM, EDR, and SOAR platforms to maintain operational security and manage cybersecurity incidents.

• Must have strong knowledge of industry best practices, laws, frameworks, and compliance standards related to data privacy and protection.

• Ability to effectively prioritize and execute tasks in a high-pressure environment

Preferred skills and experience:

• Operational and capital budget management.

• Experience with communicating with senior leadership and audit committee members.

• In-depth knowledge of platform operating systems, including Windows, Linux, and Unix

• Experience with Wide Area Network/Local Area Network/Wireless Network, TCP/IP and related protocols

• Strong knowledge of Intrusion Detections and Prevention techniques

• Must have very strong written and verbal skills and influence to interact effectively with all levels of leadership, board members, IT staff, vendors, auditors, third-party business application providers, and other parties impacting the company’s security state

• Experience with Managed Service providers in relation to providing security services, including establishing protocol, measuring provider metrics, understanding contractual agreements, and general day-to-day monitoring and operational expectations

• Bachelor’s degree- preferred, also preferred area of study; Computer Science or related field

• 8+ years IT experience required, leadership experience, highly desired

• Leadership experience in the Retail industry

• Preferred or open to obtaining - Certified Information System Security Professional (CISSP) or equivalent certification from a recognized professional organization such as International Informational Systems Security Certification Consortium ISC)2, Global Assurance Certification (GIAC), or Information Systems Audit and Control Association (ISACA).

OUR Team Members:

Lead Courageously: Have a strong sense of personal values that align with our Company values

Collaborates Broadly: Build cooperation, trust, and thrive in a consensus driven environment

Customer Focus: Proactively seek opportunities to leverage data and fact-based insights to serve customers and/or internal clients

Drive Growth: Set aggressive goals and implement plans precisely

Cultivates Innovation: Respectfully challenge the "we’ve always done it this way" mentality and explore new ways to achieve desired outcomes

Make a career at Carter’s:

Career Development: Success starts from within, and we have several paths from which you can choose to enhance your career evolution. From Carter’s University to Toastmasters to mentorship programs and more, we encourage you to utilize these tools to elevate your professional prowess.

Carters is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by federal, state, or local law.