NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 CIO BlackBerry News and Tips
 CIO Research and Analysis
 CIO Microsoft
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 


Thu, Oct 4, 2007 9:07 EDT

Is TJX Getting Its Act Together?

Posted by: Scott Berinato in News

Topic: Enterprise Management

Blog: Web 2.0 Advisor

Current Rating: 5 Comment: 1

What better way to say "Mea culpa" than with Job Code 07-2153. As noted in the Data Loss discussion list at attrition.org, The TJX Cos.--they of the biggest data breach publicized so far--is hiring an IT Security Architect Manager. No salary is listed but if you're interested, I would expect to be working late nights.

We tease. But looking at the job description, it certainly looks like TJX at least wants to give the appearance of trying to wrangle some sense out of the IT security that failed the company and led to tens of millions of lost customer transaction records, and an embarrassing string of announcements by the company which gave the appearance TJX really wasn't sure what was stolen when and how.

The job description sounds like the equal and opposite reaction to the breach. The first bulleted responsibility is breathtaking in its goals:

* Responsible for developing and documenting a comprehensive information security architecture and road-map for the company to ensure that technology design and controls are effectively aligned with corporate security policies and standards, as well as to increase the overall efficiency and effectiveness with which security controls for both new technologies and changes to existing technologies are designed and implemented within the organization.

That's a career in and of itself. And that's just the beginning. The job description goes on for nine more bullet points, alludes to an identity management project and asks for six or more years experience with all the proper certs (CISSP, CISM, CISA, &c.). In other words, TJX seems to be hiring a CISO, albeit one called an IT Security Architect Manager, likely in order to keep the pay grade lower.

The whole thing reads as if company muckitymucks said to a consultant, "Create a position that will help us get information security under control. Don't hold back. Put everything in we'd need." In fact, that's likely what happened, though we have no real evidence of it. As you may know, TJX hasn't exactly opened up to the press (and through the press, to its customers) about the breach. All of our calls certainly have been ignored.

This job posting was found on careers-TJX.com. We went to Monster.com to see if the job was posted there. Wouldn't that be delicious irony, a breached TJX using a jobs site that has seen its own security breach to advertise for an information security job?

Alas, TJX's information security architect manager position wasn't posted on Monster.

But dozens of openings for store detectives were....


You do not have flash or javascript support.
Average (1 vote)
5
comment icon Reply
 
All Comments Comments
 
Wed, Oct 10, 2007 9:25 EDT
TJX IT Security Architecture Manager
Anonymous user
Posted by: Anonymous
Rating: 90

Yes, this sounds exactly like TJX. If you take a look at other job descriptions, you'll note they pack everything into it, basically anything one could possibly do in a job. Make the description look like a C-level but call the position "assistant manager" or something of that sort and keep the paygrade as low as possible. That's TJX company policy, about the only policy that seems to be strictly followed and monitored.

You do not have flash or javascript support.

Post new comment

* Subject:
* Username:
* E-mail:
The content of this field is kept private and will not be shown publicly.
Homepage:
* Body:
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <blockquote> <strike> <p> <br>
  • Lines and paragraphs break automatically.
More information about formatting options

* Denotes required field.
About this Blog

C.G. Lynch chronicles what matters (and what doesn't) in the world of social networking, Web 2.0 and consumer applications.

Hot Conversations

Take My Windows 7 Please: A Resale Tale

Posted by Shane ONeill in News | 6 comments

Home Depot vs. Trevor Keezer and The God Squad

Posted by Meridith Levinson in News | 9 comments

Millennials + Enterprise Software: Doomed to Fail

Posted by Thomas Wailgum in News | 8 comments

Microsoft Bails on Family Guy, Remains Uncool

Posted by Shane ONeill in News | 6 comments

Creating a Privacy Policy Part V

Posted by Ariel Silverstone in Best Practices | 1 comments

Start a Conversation
Click to post

Got something to say? We want to hear it! Click the Post button to get started. GO»

EXPERT ADVICE
See our roster of experts.

Advice & Opinion from more than 113 of IT's most insightful thinkers.

  PARTNERS       WEBCASTS    
 

Windows 7 Webcast Series

There's a lot of buzz about Windows 7 out there. Each month in our webcast series, listen to analysts and customers discuss how Windows 7 and the Windows Optimized Desktop is impacting large companies around the world. Learn how they evaluated Windows 7, including the cost of deployment, deployment strategies, and tangible benefits.

Sponsored by Microsoft  Listen to on-demand Recordings »

 

Service Level Management Best Practices Life Cycle Overview - Improve Service Levels

Best practices for Service Level Management (SLM) is a process for consistently meeting customer requirements and delivering on IT's promises. See the steps required to ensure high-quality SLM.

Sponsored by Compuware  Read this White Paper »

 

Keeping Your Members Safe from Online Scams and Predators

In order to keep fraudsters out, romance sites must deploy effective solutions that look at information independent of what is supplied by users. A device fingerprinting solution such as iovation ReputationManager™ provides unique insight into the computers being used to create multiple accounts and exposes hidden device-account relationships that identity-based fraud solutions often miss.

Sponsored by iovation  Read this White Paper »

More Partners »
Resource Alerts

Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.

More Podcasts »
Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

Defend Against Blended Threats: What You Need to Know

Blended Web and email threats are becoming increasingly complex and represent a huge...  View Now »

 

Prescriptive Actions to Reduce Risk

In this Webcast, learn best practices for effective systems management in a heterogeneous environment and keep client systems cost under control.   View Now »

 

Webcast- Vantage 11: Redefining Application Performance Management

Compuware's latest release, Vantage 11, is a major advance in end-to-end application performance management--bringing together proactive issue identification, quantification of business impact and problem resolution into a single solution. Tune in to learn how Vantage 11's top-down approach helps you make better decisions and dramatically lower operations costs.  View Now »

More Webcasts »
Resource Alerts

Get instant email notification when white papers, webcasts, and case studies are added to our library. Don't just be up-to-date—be up to the minute with our new Resource Alerts.

 
NEWSLETTER

Sign-up for the Blogs & Discussion Newsletter

 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

See how AT&T can help protect your network.

Top Five CIO Challenges

Streamline IT Costs. Boost Performance with WAN Optimization.

Want to know how you can maximize employee productivity?

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

Increase UPS efficiency without sacrificing protection.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

A Clear View Toward Virtualization

Interactive Q&A helps you discover key ways to maximize IT assets.

Ready to virtualize tier one applications? Check your virtualization maturity.

Think you can't afford a Cisco Switch? Cisco Catalyst Switches are now more affordable.

Five minute business analytics assessment. Immediate results.

The Case for Investing in Business Analytics Technology. Read white paper.

White Paper: Right-Sizing Your Power Infrastructure

Webcast: Unleashing the Power of Customer Data

White Paper: Managed Security for a Not-So-Secure World

SharePoint - Unchecked growth of content is unsustainable.

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

Five-Step Mobility Management Plan

White Paper: Next Generation Remote Infrastructure Management

Disciplined Autonomy: Resolving the Tension Between Flexibility and Control

Join us at the US-Brazil IT-BPO Summit, on November 10th in New York.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion

Read the RSA report: Security for Business Innovation

Webcast: Looking to the Cloud for Email and Collaboration Services

64-page prescriptive guide to security, compliance, and IT operations.

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

A new fleet of PCs with a total ROI in 10 months. Find your ROI.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

Virtualization Technology as a Business Solution

eZine: A Roadmap to Reducing IT Complexity

World-class trading technology solutions from NYSE Technologies.

If You're Paying for Telecom, You're Paying Too Much. Contact Asentinel Today.

Trade-In your old printer and save up to $1,000 plus free recycling!

infoBOOM! - The Mid-Sized Company CIO's Exclusive Community

Live Webinar: Applying Business Analytics. Click here to learn more

White Paper: 4 Customer Service Myths

Mobile Security: The Essential Ingredient for Today's Enterprise

White Paper: Improve Agility with Operational Responsiveness

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

Learn How Web Site Performance Impacts Shopper Behavior

IDC White Paper: CCM for IT Compliance and Risk Management

Tolly Group Lab Test Results: Cisco vs. ShoreTel