Cybersecurity , Governance , Risk Management

Target Selects a New CIO

Third IT Leader Since Massive Data Breach
Target Selects a New CIO
Mike McNamara, Target's new CIO

Target Corp. has replaced its "interim" CIO, who was named to the post last year following its massive 2013 data breach that compromised 40 million credit card numbers and exposed personal details on 70 million customers.

See Also: A Smarter Approach to Third-Party Vendor Risk: A Case Study

The retailer's new executive vice president and CIO is Mike McNamara, who was serving as CIO at UK-based Tesco PLC, a grocery and general merchandise retailer. McNamara was instrumental in modernizing Tesco's IT and supply chain worldwide, which helped establish Tesco as an e-commerce pioneer that's now one of the world's largest online grocers, according to Target's announcement. He replaces Bob DeRodes, who joined Target in May 2014 and is now retiring (see: Target Hires New CIO).

McNamara will report to Target Chairman and CEO Brian Cornell, who joined the firm in August 2014 (see: Target Names New CEO Following Breach). He'll have oversight of the company's technology team and operations, including information security, and will help shape enterprise strategy as a member of Target's leadership team, according to the retailer.

"Last year, following the resignation of our previous CIO, we stated that we were seeking an interim CIO to lead us through the near-term transformation of our information security and compliance structure and practices," says Target spokesperson Katie Boylan. "[DeRodes] was hired to help enhance data security and guide the company's information technology roadmap, and he did just that."

During his tenure, DeRodes hired Brad Maiorino as the company's first chief information security officer and helped prepare Target for the 2014 holiday season, Target says. DeRodes now will serve for a brief time in a senior advisory role to Target, the retailer says.

"[DeRodes] joined Target during a very challenging but important moment for the company," Cornell, the CEO, says. "I'm grateful for the progress that [DeRodes] and his team have made, and for the foundational IT work that's been done to set Target up for future success."

Analyzing Target's CIO Shuffle

The shuffle in CIOs started when Beth Jacob resigned in March 2014 following the breach (see: Target to Hire New CIO, Revamp Security). At the time of her resignation, Greg Steinhafel, former Target chairman, president and CEO, said Jacob's leaving was "a difficult decision," but noted that "this was a time of significant transformation for the retail industry and for Target."

Following her departure, it made sense for Target to have the CIO role filled with someone with DeRodes' level of experience, "regardless of how long he was to hold the role, so as to mollify the concerns of critics," says Al Pascual, director of fraud and security at Javelin Strategy and Research. DeRodes has more than 40 years of experience in information technology, data security and business operations. He was a senior information technology adviser for the Center for CIO Leadership, the U.S. Department of Homeland Security, the U.S. Secretary of Defense and the U.S. Department of Justice. He has also held top technology positions at a number of multinational companies.

The turnover Target has experienced in such a pivotal role "is understandable in a situation such as this," says Shirley Inscoe, an analyst at the consultancy Aite Group. "However, if additional turnover occurs, it should be interpreted as a very negative sign."

Starting out in his new position, McNamara should begin by establishing a strong working relationship with Maiorino, the CISO, Pascual says. "Together, they will need to ensure that there is clear and actionable reporting all the way up to senior leadership on major security issues, which was one of their most serious deficiencies before the breach," he says.

McNamara also needs to work with the CISO to identify any data security risks that have not yet been addressed and develop a timeline for necessary action, Inscoe says.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network