Cyber Security Manager
Description
What Defines a FirstCash Cybersecurity Manager:
FirstCash Holdings, Inc. is the leading international operator of pawn stores and a leading provider of technology-driven point-of-sale payment solutions, both focused on serving cash and credit-constrained consumers. The FirstCash Cybersecurity Manager plays a pivotal role in ensuring the organization’s compliance with data security standards and regulatory requirements. This position oversees essential areas such as IT Disaster Recovery and IT Configuration Management, ensuring that security processes, controls, and lifecycles are both effective and aligned with company policies.
By implementing industry best practices, the Cybersecurity Manager ensures adherence to standards like Sarbanes-Oxley and Payment Card Industry (PCI) regulations, while actively identifying and addressing potential security risks. Through close collaboration with teams across the organization, this role develops solutions that effectively balance practicality with robust protection, raises awareness of security threats, and provides strategic guidance to support informed decision-making at the executive level.
Who is FirstCash?
FirstCash’s more than 3,000 pawn stores in 29 U.S. states and the District of Columbia and in Latin America, which includes all the states in Mexico and the countries of Guatemala, Colombia and El Salvador, sell a wide variety of jewelry, electronics, tools, appliances, sporting goods, musical instruments and other merchandise, and make small non-recourse pawn loans secured by pledged personal property.
FirstCash, through its wholly owned subsidiary, AFF, also provides lease-to-own and retail finance payment solutions for consumer goods and services through a nationwide network of over 13,000 active retail merchant partner locations.
The Company employs almost 20,000 people between the U.S. and Latin America. FirstCash is a component company in both the Standard & Poor’s MidCap 400 Index® and the Russell 2000 Index®.
What We Offer:
- Comprehensive Medical, Dental, Vision, Life, Supplemental, and other voluntary options (eligibility required).
- Employees are granted one week of paid vacation after completing six months of active, full-time service. Eligible employees are grantedan additional week (40 hours) of vacation after completing one (1) year of active employment and two (2) weeks (80 hours) of vacation on each anniversary date thereafter (*if applicable, the PTO/Vacation grant is adjusted in accordance with state/local municipality requirements). 120 hours after five (5) years.
- SICK/PERSONAL: Eligible employees are granted 8 hours (after 6 months of employment) to be used before their first (1st) anniversary and granted 16 hours each anniversary thereafter (years 2-5) (if applicable, sick time is adjusted and granted in accordance with state/local municipality requirements). 24 hours after five (5) years.
- Auto-enrollment in the FirstCash 401k program after six (6) months of employment.
- Tuition Reimbursement with FirstCash Education (allowing UP TO $2,000 per year) is available to full-time employees who meet the minimum program requirements.
- Access to over 10,000 discounts from 1,000+ companies with FirstCash Perks!
- Access to the FirstCash Pet Insurance program
Essential Job Duties:
- Lead the cybersecurity department within the IT organization, focusing on IT data security, disaster recovery, and compliance initiatives. Serve as the central point of contact, collaborating with internal teams and departments across the organization.
- Develop, execute, and refine IT compliance processes and monitoring/testing methodologies to ensure alignment with regulatory and organizational standards.
- Act as the primary IT liaison for internal and external audits, including PCI, SOX, SOC 2, and NIST audits, ensuring enterprise-wide security compliance.
- Oversee the creation and implementation of IT audit and compliance corrective action plans as necessary.
- Collaborate with organizational teams to identify current and emerging internal and external security vulnerabilities, devising strategies to mitigate information security risks effectively.
- Conduct periodic self-audits on processes and policies to maintain ongoing compliance with regulations and standards.
- Ensure the presence of robust IT controls to meet current and future compliance requirements under laws and regulations, such as the Sarbanes-Oxley Act and Payment Card Industry (PCI) Standards.
- Provide oversight into the IT organization's security configurations and periodically review controls and policies, recommending and implementing improvements as needed.
- Identify and deploy tools and architectures to enhance data network security.
- Manage the implementation of security measures for critical systems to safeguard enterprise data and operations.
Team Leadership and Management:
- Lead a team of six cybersecurity professionals, providing direction, mentorship, and support to achieve departmental goals and objectives.
- Operate independently with minimal direction, ensuring efficient and effective performance.
- Manage relationships with 7 to 10 external vendors, ensuring quality service delivery and alignment with organizational security needs.
- Set clear goals and objectives for both individual contributors and the broader reporting structure, fostering a culture of accountability and excellence.
Minimum Qualifications:
- Bachelor's degree in a related field (Business/Computer Science degree preferred).
- CISSP, CISM, NIST, PCI and Security+ Certifications.
- Extensive knowledge of CIS, SOX, SOC 2 controls.
- Strong foundational knowledge of DevOps Security.
- Minimum of 6 years of experience in IT Policies and Procedures development and implementation.
- Ability to manage complex project efforts. Including but not limited to deploying security applications across the enterprise and conducting enterprise vulnerability assessments.
- Strong interpersonal and communication skills; capable of working closely with upper management.
- Excellent communication skills, verbal and written.
- Demonstrated leadership skills with the ability to drive initiatives.
- Consistently display the ability to interact and communicate across all levels of the organization.
- Establishes and maintains strong working relationships with groups involved with information security and compliance matters such as the Legal Department, Internal Audit, and HR.
Preferred/Bonus Certifications:
- Information Technology Infrastructure Library Standard (ITIL).
- Cisco Certified Network Associate (CCNA).
- Cisco Certified Network Professional (CCNP).
- Microsoft Certified Solutions Expert (MCSE).
Note: The information contained in this description is not intended to be an all-inclusive list of the duties and responsibilities of this job or the skills and abilities required to do the job. Management has the discretion to assign/reassign duties and responsibilities to this job at any time. Duties and responsibilities may be subject to change at any time due to reasonable accommodation or other reasons.
Should you be offered and accept a position with us, the company requires all employees to agree to a binding arbitration agreement to certain disputes.
Submission of your application confirms your “opt-in” desire to receive additional phone, text and email communications from the FirstCash Talent Acquisition Team. These communications include information about the specific job being applied for and other potential opportunities available within the FirstCash job opportunity network. Message and data rates may apply. You can unsubscribe to text messages by replying STOP within the message at any time. You can unsubscribe from email communications by clicking unsubscribe, within the email, at any time. Visit https://firstcash.com/privacy-policy for additional questions or information.
Should you be offered and accept a position with us, the company requires all employees to agree to a binding arbitration agreement to certain disputes.
Submission of your application confirms your “opt-in” desire to receive additional phone, text and email communications from the FirstCash Talent Acquisition Team. These communications include information about the specific job being applied for and other potential opportunities available within the FirstCash job opportunity network. Message and data rates may apply. You can unsubscribe to text messages by replying STOP within the message at any time. You can unsubscribe from email communications by clicking unsubscribe, within the email, at any time. Visit https://firstcash.com/privacy-policy for additional questions or information.
FirstCash Holdings, Inc. is an Equal Opportunity Employer
It is the policy of FirstCash to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, FirstCash will provide reasonable accommodation for qualified individuals with disabilities.