NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO Blogs and Discussion
 CIO Web 2.0
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 


Thu, Oct 4, 2007 9:07 EDT

Is TJX Getting Its Act Together?

Posted by: Scott Berinato in News

Topic: Enterprise Management

Blog: Web 2.0 Advisor

Current Rating: 5 Comment: 1

What better way to say "Mea culpa" than with Job Code 07-2153. As noted in the Data Loss discussion list at attrition.org, The TJX Cos.--they of the biggest data breach publicized so far--is hiring an IT Security Architect Manager. No salary is listed but if you're interested, I would expect to be working late nights.

We tease. But looking at the job description, it certainly looks like TJX at least wants to give the appearance of trying to wrangle some sense out of the IT security that failed the company and led to tens of millions of lost customer transaction records, and an embarrassing string of announcements by the company which gave the appearance TJX really wasn't sure what was stolen when and how.

The job description sounds like the equal and opposite reaction to the breach. The first bulleted responsibility is breathtaking in its goals:

* Responsible for developing and documenting a comprehensive information security architecture and road-map for the company to ensure that technology design and controls are effectively aligned with corporate security policies and standards, as well as to increase the overall efficiency and effectiveness with which security controls for both new technologies and changes to existing technologies are designed and implemented within the organization.

That's a career in and of itself. And that's just the beginning. The job description goes on for nine more bullet points, alludes to an identity management project and asks for six or more years experience with all the proper certs (CISSP, CISM, CISA, &c.). In other words, TJX seems to be hiring a CISO, albeit one called an IT Security Architect Manager, likely in order to keep the pay grade lower.

The whole thing reads as if company muckitymucks said to a consultant, "Create a position that will help us get information security under control. Don't hold back. Put everything in we'd need." In fact, that's likely what happened, though we have no real evidence of it. As you may know, TJX hasn't exactly opened up to the press (and through the press, to its customers) about the breach. All of our calls certainly have been ignored.

This job posting was found on careers-TJX.com. We went to Monster.com to see if the job was posted there. Wouldn't that be delicious irony, a breached TJX using a jobs site that has seen its own security breach to advertise for an information security job?

Alas, TJX's information security architect manager position wasn't posted on Monster.

But dozens of openings for store detectives were....


Keywords:

CISO, information security, leadership, security, security breach, TJX

You do not have flash or javascript support.
Average (1 vote)
5
comment icon Reply
 
All Comments Comments
 
Wed, Oct 10, 2007 9:25 EDT
TJX IT Security Architecture Manager
Anonymous user
Posted by: Anonymous
Rating: 90

Yes, this sounds exactly like TJX. If you take a look at other job descriptions, you'll note they pack everything into it, basically anything one could possibly do in a job. Make the description look like a C-level but call the position "assistant manager" or something of that sort and keep the paygrade as low as possible. That's TJX company policy, about the only policy that seems to be strictly followed and monitored.

You do not have flash or javascript support.
About this Blog

C.G. Lynch chronicles what matters (and what doesn't) in the world of social networking, Web 2.0 and consumer applications.

Start a Conversation
Click to post

Got something to say? We want to hear it! Click the Post button to get started. GO»

EXPERT ADVICE
See our roster of experts.

Advice & Opinion from more than 108 of IT's most insightful thinkers.

  PARTNERS       WEBCASTS    
 

Preparing for the Next Cyber Attack

Ensure you are up-to-speed on the latest security technologies available to keep your network safe in this Executive Guide. Get a thorough assessment of the corporate security threat landscape. Protect your network with data leakage protection, NAC and other technologies explained in this report.

Sponsored by Qwest  Read this Executive Guide »

 

Cloud Building: 8 Ingredients for Internal Clouds

Cloud computing: a fundamentally new way to deploy IT services and functions cost-effectively and quickly. Learn how the VMware vCloud initiative dramatically improves how consumers access their information and experience applications as well as the 8 ingredients to get you going.

Sponsored by VMWare  Read this White Paper »

 

Investing in Business Analytics Technology

You're thinking now is the time to take the plunge into business analytics, but you still have some unanswered questions. This research summary addresses the most common questions and concerns surrounding the successful launch of a business analytics initiative. It also includes real-world examples of organizations already getting return on their investment.

Sponsored by SAS  Read this White Paper »

More Partners »
Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

More Podcasts »
Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

Improving Transparency and Accuracy in IT Cross Charging

During this Webcast you'll learn how KBC Group implemented SAP BusinessObjects Profitability and Cost Management and realized many benefits.   View Now »

 

Cost Savings and Risk Reduction with Effective Systems Management

Join us and see how Novell can help you respond to today's economic challenges by increasing productivity, reducing costs and aligning IT initiatives with overall business goals.  View Now »

 

Capitalize on Your SAP Content

Learn ways to improve your content management by viewing these Open Text webinars today.  View Now »

More Webcasts »
Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

 
NEWSLETTER

Sign-up for the Blogs & Discussion Newsletter

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Introducing the new HP ProLiant G6 server family

Accenture: Outsourcing for Competitive Advantage. More...

Better spam protection with Postini for just $1/user/mo

Introducing the new HP ProLiant G6 server family

infoBOOM! - The Mid-Sized Company CIO's Exclusive Community

Accenture IT Consulting: Logical meets technological. More . . .

The Fraudster Economy Model: Operating a Business in the Underground

Trade in your old laser printer and get up to $1000 back!

Taking the Service Desk to the Next Level

Revolutionizing Enterprise Application Deployment

Why Data Loss is Increasing--and What You Can Do About It

Data Loss Prevention: A Better Way to Approach Security

Learn how to managing client systems in the enterprise.

Build a High-Performance Open Web Platform

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Losing Ground: 2009 TMT Global Security Survey

Stop Application Fraud at the Source with Device Reputation

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

Learn how to save 30% through project & portfolio management.

How Open Source is Changing the Face of Enterprise Software

8 Key Ingredients to Building an Internal Cloud

Accenture IT Consulting: Enabling high performance. More...

Top Five CIO Challenges

Insight makes it easy to spend your Microsoft subsidy check.

Five minute business analytics assessment. Immediate results.

Dangerous Collaboration Practices: 5 Ways IT Can Minimize Risk

Accenture: Outsourcing for uncertain times. Click to learn more.

The Case for Investing in Business Analytics Technology. Read white paper.

Live Webinar: Applying Business Analytics. Click here to learn more

Seven Ways ITIL Can Help You in an Economic Downturn

Developing A Dynamic, Real-Time IT Infrastructure

Maximizing the Business Value of the PC Infrastructure

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

How Interactive Viewer Reduces the Effort to Meet Visualization Requirements

Top-line Performance that's Bottom-line Efficient

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

The Global Marketplace Today: Strategies for Tough Times

Top 10 Business and IT Drivers for the Wealth Management Sector

5 Steps to Automating Accounts Payable

Bottom-Line Benefits of Virtualization