Target Hires GM Exec As First CISO

10 Ways To Fight Digital Theft & Fraud

Target has hired a General Motors executive to oversee the company's information security and technology risk strategy following the 2013 data breach that exposed personal details of 70 million Target customers.

General Motors chief information security and information technology risk officer Brad Maiorino will join Target as the company's first CISO and senior vice president on June 16, the company said. Maiorino has also held the CISO position at General Electric.

Maiorino will report to Target CIO Bob DeRodes, who joined the company on May 5. The reporting structure is a vote of confidence for DeRodes, said Jonathan Feldman, CIO of Asheville, N.C., and an InformationWeek columnist "This is not an external watchdog on the IT group. He's reporting to the CIO," he said. "The big meta-question here is how both the CIO and CISO will balance over-reaction versus under-reaction."

[Target's new CIO faces tough challenges. Read 5-Step Plan For New Target CIO.]

Former Target CEO Gregg Steinhafel announced in March a set of plans to overhaul the company's information security and compliance practices following the December breach. Among them was filling the CIO position formerly held by Beth Jacob, who resigned in March; hiring a chief compliance officer; and creating the new CISO position. Target has not yet hired a chief compliance officer.

"Having led this critical function at two of the country's largest companies, [Maiorino] is widely recognized as one of the nation's top leaders in the complex, evolving areas of information security and risk," DeRodes said in a statement. "As an organization, we have made a commitment to our guests and our team that Target will be a retail leader in information security and protection. We believe [Maiorino] is the right person to lead that change."

In addition to the new hires, Target detailed other steps that it took following the 2013 breach. The company has since enhanced monitoring, segmentation, logging, and security of accounts, plus installation of application whitelisting on point-of-sale systems, it said in the announcement.

Target has also increased hiring of information security employees, requires annual data security training for all employees, and runs a 24-hour security operations center to monitor for suspicious activity, the company said in a letter to the SEC last week.

"I am looking forward to joining the Target team and helping them continue the progress they have made to be a retail leader in information security and protection,” Maiorino in a statement. “I am confident that the combination of a strong team and the leadership commitment will enable us to achieve that objective.”

The appointment of Maiorino as CISO comes a day before Target's annual shareholder meeting, at which proxy advisory firm Institutional Shareholder Services recommended that shareholders vote out seven of the company's 10 directors, saying the board failed to manage risks that led to the data breach.

IBM, Microsoft, Oracle, and SAP are fighting to become your in-memory technology provider. Do you really need the speed? Get the digital In-Memory Databases issue of InformationWeek today.