Our values start with our people, join a team that values you!

We are the nation’s largest off-price retailer with over 2,000 stores, and a strong track record of success and growth. Our focus has always been bringing our customers a constant stream of high-quality brands and on-trend merchandise at extraordinary savings. All while providing a fun and exciting treasure hunt experience.

As part of our team, you will experience:

• Success. Our winning team pursues excellence while learning and evolving
• Career growth. We develop industry leading talent because Ross grows when our people grow
• Teamwork. We work together to solve the hard problems and find the right solution
• Our commitment to Diversity, Equity & Inclusion, and our community. We celebrate the backgrounds, identities, and ideas of those who work and shop with us because our differences make us stronger. We strive to be a positive force in our community.

Our Corporate headquarters are in Dublin, CA, we have 3 buying offices in key markets in New York City, Los Angeles, and Boston, and 8 distribution centers nationwide. With 2023 revenues of $20.4 billion, we are a Fortune 500 company who is committed to providing an inclusive work environment with continuous learning opportunities and development for our teams.

GENERAL PURPOSE:

The IT Manager II is responsible for facilitating cybersecurity risk management and governance processes for Ross Stores. This role works closely with the IT Compliance Manager and Secure Project Delivery Manager to help develop, mature, and execute the IT Risk processes which include governance, risk assessment, risk analysis, risk metrics, risk reporting, technology enablement, maintenance of the risk taxonomy, and organizational integration. This role is also responsible for establishing security policies, standards and procedures and managing security awareness program.

The base salary range for this role is $125,400 - $214,200. The base salary range is dependent on factors including, but not limited to, experience, skills, qualifications, relevant education, certifications, seniority, and location. The range listed is just one component of the total compensation package for employees. Other rewards vary by position and location.

ESSENTIAL FUNCTIONS:

• Leads the security governance and risk management team performing IT and business risk assessments, vendor risk management, contracts management, security policy and standards management and security awareness.

• Performs management and personnel administration functions associated with Ross' Cybersecurity Governance and Risk Management Department

• Develops action plans, schedules, budgets, status reports and other management communications intended to improve the status of information risk at Ross.

• Responsible for performing risk assessments to identify current and future security vulnerabilities, determine what level of risk is acceptable to the organization, and determine the best ways to reduce cybersecurity risks to this acceptable level of the company's assets, relationships, processes, and functions associated with IT and business risk.

• Responsible for managing Third Party risk management and related contracts agreements to ensure necessary security controls have been included as part of services and capabilities for the protection of organization assets

• Responsible for providing support to IT during product and vendor selection process and providing subject matter expertise on Cybersecurity risk and compliance

• Establish and maintains related IT Risk Management metrics and reporting. Collaborates with IT Compliance Manager, Secure SDLC Manager, Cybersecurity, and IT groups to define, gather and analyze metrics. Provides targeted reporting to all levels of IT and Business management.

• Executes and maintains risk assessments related tools with the goal of improving efficiency, reducing costs, improving agility and optimizing information technology governance, risk, and controls management processes, while providing an overall view of the organization's risk profile. Coordinates and communicates IT risk-related activities among IT key stake holders.

• Responsible for establishing, enforcing and maintaining Cybersecurity policies, standards and procedures

• Responsible for establishing information security awareness programs, regularly conducting exercise to educate employees of the cybersecurity and best practices.

• Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to cybersecurity and privacy, so that Ross Stores is warned in advance and is ready to be fully compliant with these requirements.

COMPETENCIES:

People

• Building Effective Teams (for managers of People and Projects)

• Developing Talent (for managers of people only, N/A for this role/level)

• Collaboration

Self

• Leading by Example

• Communicates Effectively

• Ensures Accountability and Execution

• Manages Conflict

Business

• Business Acumen

• Plans, Aligns and Prioritizes

• Organizational Agility

With particular emphasis on the following specific position-related competencies:

• Customer Focus

• Problem Solving

• Technical Knowledge

• Motivating Others

QUALIFICATIONS AND SPECIAL SKILLS REQUIRED:

• Minimum 8-10 years of professional experience in running a cybersecurity function, including analyzing and applying cybersecurity risk, risk management, and privacy practices

• Bachelor's degree preferred or equivalent combination of education and relevant experience

• At least 5 years of experience working with cross-functional teams

• Experience with all aspects of regulatory and contractual compliance, especially Payment Card Industry (PCI), Sarbanes Oxley, and Health Information Portability and Accountability Act (HIPAA) requirements for as they relate to IT

• Experience with IT process, risk and control frameworks, such as COBIT, ISO 27001, ITIL, Risk IT

• Experience communicating and presenting both verbally and in writing to various audiences, including committees, large groups, senior management, and executive leadership

• Proficient in network security design and architecture, capacity planning, network performance monitoring, end-point protection, patch-management, vulnerability management, penetration testing, intrusion detection, risk management, mobile device management, wireless management and data loss prevention.

• CISSP (Certified Information System Security Professional), CISA (Certified Information Systems Auditor) OR CRISC (Certified in Risk and Information System Control) OR CGEIT (Certified in Governance of Enterprise IT)

PHYSICAL REQUIREMENTS/ADA:

This position requires the ability to work in an office environment, including using a computer, attending meetings, working as part of a team, and the ability to communicate with team members and others. Regular attendance also is a requirement of the position.

This role requires regular in-office presence, including attending in-person team interaction, meetings and collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in-office and remote work.#LI-Hybrid

SUPERVISORY RESPONSIBILITIES:

Analyst, Senior Analyst and Lead Analyst

DISCLAIMER:

This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management's discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company's overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.