Lead, Cybersecurity Architecture & Operations

Culligan Water

Rosemont, IL

JOB DETAILS
SALARY
$140,000–$180,000 Per Year
SKILLS
Amazon Web Services (AWS), Application Programming Interface (API), Applications Security, Architectural Design, Automation, CCSP - Cisco Certified Security Professional, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Coaching, Communication Skills, Computer Security, Cost Control, Document Management, Ecosystems, Enterprise Architecture, Enterprise Protection, Error Handling, Establish Priorities, External Audit, GCIA - GIAC Certified Intrusion Analyst, GCIH - GIAC Certified Incident Handler, GCP (Good Clinical Practices), GIAC - Global Information Assurance Certification, ISO (International Organization for Standardization), Identity Data Management, Incident Response, Information/Data Security (InfoSec), Internal Audit, Internet Security, Leadership, Legal, Machine Tool, Maintain Compliance, Manufacturing, Mentoring, Microsoft Windows Azure, Onboarding, PCI-DSS, Performance Metrics, Product Lifecycle, Python Programming/Scripting Language, Regulations, Regulatory Compliance, Risk, Risk Analysis, Salesforce.com, Sarbanes-Oxley Act (SOX), Scripting (Scripting Languages), Security Analysis, Security Architecture, Security Compliance, Security Information and Event Management (SIEM), Service Level Agreement (SLA), Software as a Service (SaaS), Supplier Relationship Management (SRM), Technical Strategy, Technology Analysis, Trend Analysis, U.S. National Institute of Standards and Technology (NIST), Use Cases, Vendor/Supplier Relations, Windows PowerShell
LOCATION
Rosemont, IL
POSTED
2 days ago

Position: Lead, Cybersecurity Architecture & Operations

Supervisor: Global Chief Information Security Officer

Location: Rosemont, IL

Summary:

We are seeking a seasoned, self-motivated, hands-on cybersecurity leader to serve as the technical anchor of our global security program. Reporting directly to the Global CISO, you will own the architecture and day-to-day operation of our core security capabilities-SaaS and data security posture management, vulnerability management, SIEM, and SOC operations-across a complex, global environment.

This is a player-coach role for someone who wants both strategic influence and technical depth: you will design the architecture, then roll up your sleeves to build, tune, and run it. You will also play a key role in maturing our security controls, evidence, and audit readiness.

Responsibilities:

  • Security architecture: Define and maintain the enterprise security architecture and reference patterns across cloud, SaaS, network, endpoint, and identity domains.
  • SSPM: Deploy, operate, and continuously tune our SSPM platform; drive remediation of SaaS misconfigurations, risky integrations, and identity/permission sprawl across the global SaaS estate.
  • DSPM: Lead DSPM implementation and operations-discover, classify, and protect sensitive data across cloud and on-premises stores; partner with privacy and legal on data governance.
  • Vulnerability management: Own the end-to-end vulnerability management lifecycle: scanning coverage, risk-based prioritization, remediation SLAs, exception handling, and executive reporting across global infrastructure and applications.
  • SIEM: Administer and optimize the SIEM platform-log source onboarding, parsing, detection engineering, use-case development, and cost/ingestion management.
  • SOC operations: Run day-to-day SOC operations, including oversight of MSSP/MDR partners; mature triage, escalation, and incident response playbooks; lead and coordinate response to security incidents across time zones.
  • Audit and Compliance: Strengthen controls, documentation, and evidence to support SOX ITGC and internal/external audits; conduct application and technology security assessments to evaluate risk and ensure compliance with security standards.
  • Threat-informed defense: Track threat actor activity relevant to our industry and translate it into detections, hardening priorities, and leadership briefings.
  • Global collaboration & mentorship: Partner with IT, infrastructure, application, and business teams across regions; mentor analysts and engineers and raise the technical bar of the broader team.
  • Tooling & automation: Evaluate, select, and integrate security tooling; manage vendor relationships and drive consolidation and automation where it adds value.

Requirements:

  • 6+ years of progressive, hands-on experience in cybersecurity engineering, architecture, and/or security operations.
  • Deep, practitioner-level experience with SSPM and DSPM platforms (e.g., deploying, operating, and driving remediation at scale).
  • Proven ownership of an enterprise vulnerability management program, including risk-based prioritization and remediation governance.
  • Hands-on experience administering a SIEM (e.g., detection engineering, log onboarding, tuning) and managing or overseeing a SOC, including MSSP/MDR relationships.
  • Strong working knowledge of cloud security (AWS, Azure, and/or GCP), identity and access management, and SaaS ecosystems (e.g., M365, Salesforce, Workday).
  • Experience operating in a global, multi-region environment with distributed teams and follow-the-sun coordination.
  • Excellent communication skills-able to brief executives, write clear standards, and influence engineers without direct authority.
  • Self-starter who operates with minimal direction and drives initiatives from concept to steady-state operation.

Preferred Qualifications:

  • Experience supporting SOX ITGC controls or operating in a public company environment.
  • Familiarity with frameworks and regulations such as NIST CSF, ISO 27001, CIS Controls, GDPR, and PCI DSS.
  • Scripting/automation skills (Python, PowerShell, APIs) and experience with SOAR platforms.
  • Relevant certifications such as CISSP, CISM, GIAC (GCIA, GCIH, GDSA), or cloud security certifications (AWS/Azure security specialty, CCSP).
  • Experience in manufacturing, consumer products, or other distributed-operations industries.

What Success Looks Like:

  • SSPM and DSPM platforms are fully operational, with a measurable reduction in SaaS misconfigurations and unprotected sensitive data.
  • Vulnerability management SLAs are defined, reported, and trending in the right direction across all regions.
  • SIEM detection coverage mapped to MITRE ATT&CK with documented, tested response playbooks; SOC/MSSP performance metrics in place.
  • Security controls and evidence ready to withstand internal and external audit scrutiny.

Work Arrangements:

This is a hybrid position based at our Rosemont, IL office, with three days per week onsite. Occasional travel and flexibility for calls across global time zones is expected.

Target Salary Range: $140,000 - $180,000 year plus bonus. Exact pay will be based on factors including, but not limited to relevant education, qualifications, experience, level, geographic location, and business and organizational needs. Full-time positions are eligible for competitive benefits, including: paid time off, health, dental, vision, life, disability benefits and 401(k).

About the Company

C

Culligan Water