Senior Manager of Cyber Security Operations

Company: Dutch Bros
Location: Scottsdale, AZ, USA
Salary: $172897.75 – $172897.75
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • Bachelor’s degree (BA/BS) in a related discipline, or 4 additional years of related experience, required
  • A minimum of 6 years of experience in infosec roles that provide a background in IT areas such as software development, infrastructure, operations, and incident response is required
  • Proven experience managing a SOC and implementing vulnerability management and DLP
  • Strong knowledge of cybersecurity technologies, MDR, EDR, SIEM, SOAR, Vulnerability Management tools and best practices
  • Thorough understanding of SOX, CCPA, PCI, NIST, and CIS18
  • Previous experience in SaaS-heavy environments and vendor management
  • Deep experience with risk management, threat modeling, and vulnerability assessment
  • Can lead without authority. Ability to lead, mentor, and develop a high-performing cybersecurity team, fostering a collaborative and growth-oriented environment
  • Expertise in managing high-pressure, time-sensitive incidents and making quick, informed decisions under stress
  • In-depth knowledge of current and emerging cyber threats, with the ability to apply advanced detection methodologies to stay ahead of risks
  • Familiarity with cloud security frameworks, controls, and best practices for securing cloud environments (e.g., AWS, Azure, Google Cloud)

Responsibilities

  • Develop and manage critical security programs by implementing best practices throughout the various technologies across Dutch Bros to identify and reduce risk to acceptable levels
  • Design workflow and processes for Security Operations Center (SOC)
  • Manage and optimize the day-to-day operations and tools of the SOC, ensuring effective monitoring, detection, and response to security incidents
  • Develop and implement SOC processes and procedures to improve efficiency and effectiveness with increased focus on new capabilities and advanced threat detection
  • Oversee the incident response process, ensuring rapid identification, containment, eradication, and recovery from security incidents
  • Conduct post-incident reviews and implement lessons learned to enhance security measures
  • Partner with IT and GRC teams to maintain readiness and incident response plans, including building playbooks and conducting simulations to ensure preparedness across the organization
  • Lead the vulnerability management program, including vulnerability assessments, prioritization, and remediation strategies
  • Collaborate with IT and development teams to ensure timely patching and vulnerability mitigation
  • Establish metrics on the status of the program and inform leadership on areas for opportunity
  • Oversee the DLP strategy, ensuring the protection of sensitive data across all platforms and preventing unauthorized access or data exfiltration
  • Conduct regular audits and assessments to evaluate DLP effectiveness and compliance
  • Develop programs and awareness to improve CCPA, GDPR, PCI, and SOX processes
  • Act as the ambassador for the third-party risk program, integrating departments into the evaluation and decision-making processes
  • Partner with Legal to align contractual language with any inherent risk
  • Foster a culture of Privacy by Design
  • Map regulated data lifecycle from collection to destruction
  • Ensure appropriate protections and controls are in place for data elements
  • Determine appropriate tools to automate and streamline processes where possible
  • Collaborate with other departments to identify and reduce risk while ensuring company practices are in compliance where relevant
  • Evangelize scorecards against NIST and CIS standards to track the improvement of security across programs
  • Foster team mentality centered around business benefits from security initiatives
  • Actively participate in hiring processes and onboarding of new employees and vendors
  • Plan, assign and support workloads for direct reports
  • Grow and mentor security talent
  • Set reasonable stretch performance goals, provide balanced, regular performance feedback, and conduct tri-annual performance reviews
  • Recognize and reward performance excellence
  • Provide leadership, direction, and training to improve information security awareness
  • Other duties as assigned

Preferred Qualifications

  • A Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) certification is preferred