Program Manager Technology, Cybersecurity & Privacy (Hybrid - Seattle, WA)

The Nordstrom Cybersecurity & Privacy organization is accountable and responsible for the overall security posture of the company. A key part of that responsibility is to aid management in making decisions in how to respond to technology operational business risk which may impact the security posture and cause harm to the enterprise. ​This position works with the Risk Management team to analyze data and create insights they need to make risk responses. It combines program management skills with broad security domain knowledge; rigorous risk framework foundational knowledge; and insightful, business-relevant analysis. The program this role supports has huge potential to influence the direction and future of Nordstrom Technology. 

A day in the life… 

• Design, deliver, and manage the security risk management portfolio 

• Establish and maintain relationships with key partners in the security, risk, legal, privacy, groups with a focus on understanding shared objectives and increasing risk visibility 

• Optimize and streamline operating processes supporting the risk lifecycle 

• Articulate and quantify risk scenarios for risk team and partners 

• Provide real-time and periodic views into data and models that give risk insights needed for leadership discussions 

• Use data to quantify measures for program success  

• Build, test and use software applications or tools to support the risk program and risk partner teams 

• Participate in the continuous evolution of security within a team of highly skilled and passionate professionals 

You own this if you have… 

• 4+ years of demonstrated successful program management and delivery experience; BA/BS in a relevant field of study is preferred  

• Proven and foundational program and project management skills 

• Ability in designing and managing data-oriented processes to generate insights and solving problems based on those insights 

• Mid-level understanding of a broad range of security topics, such as networking, cloud security, secure software, cryptography; CISSP or equivalent is a plus 

• Risk management method experience such as COSO, COBIT, ISO 31000, NIST SP800-30/39; CRISC or equivalent  

• Industry/regulatory security compliance frameworks knowledge such as ISO 27000, PCI DSS, NIST SP800-53  

• Cyber risk quantification capabilities using FAIR or equivalent  

• Base level knowledge of technology (e.g. Cloud, APIs, services, Windows stack, open source, database technologies, etc.) 

• Strong partnership and relationship development skills  

• A positive attitude through changing situations and expectations 

• Talent in collaborating, influencing, and building consensus through diplomacy  

• Solid presentation and verbal communication skills 

• A focus on solutions and enjoy identifying and removing barriers to problem solving