Job Description

Company Overview:

Party City Holdco Inc. (PCHI) is a global leader in the celebrations industry, with its offerings spanning more than 70 countries around the world. PCHI is also the largest vertically integrated designer, manufacturer, distributor, and retailer of party goods in North America.

PCHI operates across multiple businesses within its Retail Division and Consumer Products Division. On the retail side, Party City (partycity.com) is the leading omnichannel retailer in the celebrations category, operating more than 800 company-owned stores, franchise stores, and Halloween City (halloweencity.com) seasonal pop-up stores. The Consumer Products Division includes design and manufacturing entities Amscan, an industry leader in celebration décor, tableware, costumes, and accessories, and Anagram, the global market leader in foil balloons.  

PCHI is headquartered in Woodcliff Lake, N.J. with additional locations throughout the Americas and Asia.

Job Overview:

Reporting to the Sr. Manager, Cybersecurity, this Engineer will be responsible for safeguarding the company's computer systems and networks. They will design and implement security measures to protect sensitive data and systems from cyber threats, including hacking, malware, denial of service and other forms of cyberattacks.

The Cybersecurity Engineer is a hands-on role that requires an individual with a strong technical background, as well as an ability to work with the IT organization, to align priorities and plans with key IT objectives, and understand the business to properly align controls to risk.  A successful candidate will be responsible for the enforcement and implementation of security controls, policies and procedures which safeguard the integrity of and access to store, distribution, manufacturing, and enterprise systems.

Responsibilities and Duties:

• Design, implement, and monitor security measures for the protection of computer systems, networks, and information.
• Design computer security architecture and develop detailed cybersecurity designs.
• Perform vulnerability testing, risk analyses and security assessments
• Research security standards, security systems and authentication protocols
• Develop technical solutions and identify and implement new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Evaluate new technologies and processes that enhance security capabilities.
• Test security solutions using industry standard analysis criteria.
• Investigate intrusion incidents, conduct forensic investigations, and mount incident responses.
• Collaborate with colleagues on authentication, authorization, and encryption solutions.
• Respond to information security issues during each stage of a project’s lifecycle
• Review and approve modification of firewall rules, systems changes and other IT changes that could impact the security or integrity of PCHI data and systems.
• Test final security structures to ensure they behave as expected
• Consult with IT staff to ensure that security is factored into the evaluation, selection, installation of hardware, applications, and software.
• Participate in Incident Management and work collaboratively with Risk, Audit, and Legal teams. Conduct annual review and keep plans and documentation up to date.
• Provide company-wide security alerts to known vulnerabilities
• Stay current with the latest cyber security threat landscape and notify IT teams of applicability to the company’s systems.
• Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements and information security policies and procedures.
• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
• Manage security projects and provide expert guidance on security matters for other IT projects.
• Helps facilitates training and education efforts as appropriate for Party City personnel related to security policies, procedures, practices, awareness and risks associated with technology, cyber and data security.
• Responsibilities sometimes require working evenings and weekends, sometimes with little advanced notice.

Skills Required:

• Knowledge of networking, common workstation and server platforms and protections, Linux, Active Directory, ecommerce, vulnerability management, cloud security and O365.
• Strong technical background in information systems, systems administration, network design, network traffic analysis, and cloud security
• Excellent problem-solving skills.
• Excellent communication skills, both written and oral
• Ability to work with both team members and internal customers in a collaborative environment.
• CISSP or equivalent preferred
• Knowledge of information security and compliance related issues involving PCI-DSS, Sarbanes-Oxley, data privacy, and similar regulations
• Knowledge of common exploits and attack vectors
• Experience with scripting languages such as PowerShell, shell scripting, etc. a plus
• Working knowledge of common security tools.

Qualifications:

• Minimum of 7 years of IT work experience with a broad range of exposure to network, systems, application support, and/or cloud computing
• Bachelor's Degree in Computer Science, Information Security, or other related field. Or equivalent work experience.
• 5+ years of experience with information security.
• CISSP or equivalent preferred