Thu, Oct 4, 2007 9:07 EDT

Is TJX Getting Its Act Together?

Topic: Enterprise Management

Blog: Information Collective


What better way to say "Mea culpa" than with Job Code 07-2153? As noted in the Data Loss discussion list at attrition.org, The TJX Cos.--they of the biggest data breach publicized so far--is hiring an IT Security Architect Manager. No salary is listed, but if you're interested, I would expect to be working late nights.

We tease. But looking at the job description, it certainly looks like TJX at least wants to give the appearance of trying to wrangle some sense out of the IT security that failed the company and led to tens of millions of lost customer transaction records, and an embarrassing string of announcements by the company that gave the appearance that TJX really wasn't sure what was stolen, when and how.

The job description sounds like the equal and opposite reaction to the breach. The first bulleted responsibility is breathtaking in its goals:

* Responsible for developing and documenting a comprehensive information security architecture and road-map for the company to ensure that technology design and controls are effectively aligned with corporate security policies and standards, as well as to increase the overall efficiency and effectiveness with which security controls for both new technologies and changes to existing technologies are designed and implemented within the organization.

That's a career in and of itself. And that's just the beginning. The job description goes on for nine more bullet points, alludes to an identity management project and asks for six or more years' experience with all the proper certs (CISSP, CISM, CISA, &c.). In other words, TJX seems to be hiring a CISO, albeit one called an IT Security Architect Manager, likely in order to keep the pay grade lower.

The whole thing reads as if company muckitymucks said to a consultant, "Create a position that will help us get information security under control. Don't hold back. Put everything in we'd need." In fact, that's likely what happened, though we have no real evidence of it. As you may know, TJX hasn't exactly opened up to the press (and through the press, to its customers) about the breach. All of our calls certainly have been ignored.

This job posting was found on careers-TJX.com. We went to Monster.com to see if the job was posted there. Wouldn't that be delicious irony, a breached TJX using a jobs site that has seen its own security breach to advertise for an information security job?

Alas, TJX's information security architect manager position wasn't posted on Monster.

But dozens of openings for store detectives were....


 
 
Wed, Oct 10, 2007 9:25 EDT
Posted by: Anonymous
Rating: 90

Yes, this sounds exactly like TJX. If you take a look at other job descriptions, you'll note they pack everything into it, basically anything one could possibly do in a job. Make the description look like a C-level but call the position "assistant manager" or something of that sort and keep the paygrade as low as possible. That's TJX company policy, about the only policy that seems to be strictly followed and monitored.

About this Blog

Tips, hints, and interesting tidbits for information technology professionals as collected by the editorial staff of CIO.
