Director of Information Security

Job Summary: 

The Director, Information Security, is highly experienced in leading our global security program with a strong emphasis on Governance, Risk, and Compliance (GRC), Data Governance, and Application/Product Security. As a global eCommerce leader, protecting customer trust, safeguarding sensitive data, and ensuring compliance across multiple regions is a top priority. This role will drive strategy, execution, and oversight of enterprise-wide security initiatives, ensuring that business operations remain resilient, secure, and compliant.

Job Expectations:

• This is a leadership role that has accountability for identifying, evaluating, reporting, and managing information security risks in ways that meet security, compliance, and regulatory requirements with focus on GRC, Data Governance and Application/Product Security.

• Develop a vision and strategy for comprised of governance, risk management, that will include measurable goals, objectives, and metrics

• Design, develop, coordinate, and document the secure operation of information systems and develop best practices for securing enterprise-wide data and information systems

• Ensure application/product security practices align with relevant industry standards, regulations, and compliance frameworks. Lead efforts to maintain and obtain necessary certifications.

• Oversee the implementation of advanced security monitoring and analysis tools to detect and respond to security incidents and vulnerabilities 

• Evaluate the security posture of third-party cloud providers and vendors. Develop and implement strategies to manage and mitigate associated risks.

• Build, mentor, and lead a team of security engineering, product security, cloud security and GRC professionals. Foster a collaborative and innovative work environment that encourages skill development and knowledge sharing.

The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job.  Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.

Knowledge, Skills and Abilities:

• Master’s degree in an Information Technology related field of study or equivalent post-high school education and/or work-related experience 

• Strong team leadership skills directing teams in Cybersecurity, Governance Risk and Compliance, Data Governance, Application/Product Security.

• Experience leading and developing a strategic, comprehensive enterprise information security management program

• 10+ years of experience in Cybersecurity, GRC, Data Governance, Application or Product security

• Experience implementing security practices in CI/CD environment

• Self-motivation and the ability to work under minimal supervision are a must

• Excellent at multitasking, and open to constant learning

• Excellent problem solving and analytical skills; outstanding oral and written communication skills

• Energetic and positive attitude

Governance, Risk & Compliance (GRC)

• Lead enterprise-wide cybersecurity GRC programs, ensuring compliance with international regulations (GDPR, CCPA, PCI DSS, SOX, etc.) and industry standards (ISO 27001, NIST CSF).

• Establish and maintain cybersecurity policies, frameworks, and risk management practices.

• Oversee third-party risk management and vendor security assessments.

• Partner with Legal, Compliance, and Internal Audit to support regulatory audits and certifications.

Data Governance & Protection

• Defining and enforcing data governance strategy, ensuring protection of sensitive customers, employees, and business data across systems.

• Implement data classification, retention, and handling practices aligned with global privacy regulations.

• Collaborate with data teams to integrate security controls into data platforms and analytics environments.

• Drive adoption of data loss prevention (DLP), encryption, and monitoring solutions.

Application/Product Security

• Build and lead a global application/product security program integrated into the software development lifecycle (SDLC).

• Define secure coding standards, conduct application security reviews, and champion DevSecOps practices.  Strong understanding of common security threats, i.e. OWASP Top 10 and mitigation

• Partner with engineering teams to embed security into CI/CD pipelines.

• Oversee penetration testing, vulnerability management, and remediation processes for applications and APIs.  In-depth knowledge of DevSecOps security tools and techniques for code analysis, vulnerability scanning, and risk assessment.

• In-depth knowledge of DevSecOps security tools and techniques for code analysis, vulnerability scanning, and risk assessment. Working knowledge of security frameworks, tools, and methodologies (e.g., SAST, SCA, DAST, threat modeling, etc.).

Leadership & Strategy

• Lead, mentor, and grow a global security team focused on GRC, data governance, and application security.

• Act as a trusted advisor to executive leadership and the board on emerging security threats and business risks.

• Develop multi-year cybersecurity strategy aligned with business objectives.

• Foster a security-first culture across the enterprise through training and awareness programs.

• Hands-on experience with Familiarity with cloud security and DevSecOps practices.

• Ensure adherence to relevant regulatory requirements and industry best practices related to product security (e.g., GDPR, NIST CSF, PCI, SOC2, OWASP, etc.).

Judgment/Reasoning Ability:  Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise and diplomacy.  Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner.

Physical Demands: The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job. While performing the duties of this job, the Team Member is regularly required to talk and hear. The Team Member is frequently required to sit, walk, climb stairs, use hands and fingers, bend, stoop and reach with hands and arms.  Reaching above shoulder heights, below the waist or lifting as required to file documents or store materials throughout the work day. The Team Member may occasionally lift or move office products and supplies up to 25 pounds. Proper lifting techniques required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Work Environment: The noise in the work environment is usually moderate. Other factors are:

• Hectic, fast-paced with multi-level distractions

• Professional, yet casual work environment

• Office / Warehouse environment

• Ability to work extended hours as required

#LI-JC1

Staffing Agency Submission Notice
iHerb does not accept unsolicited 3rd party ("Agency") candidates. If you are an Agency, please send any requests to be considered as a supplier in our Vendor Management System to staffingvendors@iherb.com. Do not contact iHerb employees directly. If requested to work on a role, any Agency candidates would be presented through the internal recruiting organization.

About iHerb
iHerb is on a mission to make health and wellness accessible to all. We offer Earth’s best-curated selection of health and wellness products, at the best possible value, delivered with the most convenient experience.

We’re the world’s largest eCommerce platform dedicated to vitamins, minerals, and supplements, and other health and wellness products. For more than 25 years, we’ve been making it simple for people all over the world to purchase the highest quality products. From supplements to skincare to grocery items, we ship over 50,000 products, from over 1,800 brands direct to our customers in 180+ countries.

Our vision is to become the #1 destination for health and wellness across the world.

With a passion for wellness and a mind for innovative solutions, iHerb team members share a vision for a healthier world that drives them each day. Our 5 Shared Values unite our global team:

Focus on the Customer · Empower Our People · Be Entrepreneurial & Pivot Quickly ·
Embrace Diversity & Inclusion · Strive for Simplicity

iHerb Benefits
At iHerb, we are dedicated to offering programs designed to help our employees and their families stay healthy, live well, and plan for their financial future. Built on a strong foundation, our programs provide options and upgrades with flexibility, protection, and security in mind. For the comprehensive benefits list, visit www.iHerbBenefits.com. For our international team members, you may be eligible for benefits depending on the country where you are employed. The Talent Acquisition Partner/local HR representative will go over the benefits you are eligible for. 

iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.