Senior Manager, Cyber Security

Peet's Coffee & Tea Inc

Emeryville, CA

JOB DETAILS
SKILLS
Analysis Skills, Budget Management, CISSP - Certified Information Systems Security Professional, Career Development, Cisco Network Systems, Cloud Computing, Coaching, Communication Skills, Computer Science, Computer Security, Corporate Compliance, Cost Effectiveness Analysis, Detail Oriented, Employee Assistance Plan, Enterprise Architecture, Enterprise Protection, Establish Priorities, Human Resources Management, Information Assets, Information Technology & Information Systems, Information/Data Security (InfoSec), Intellectual Property (IP), Internet Security, Java IDE (Integrated Development Environments), Juniper Networks Product Family, Leadership, Legal, Manufacturing, Mentoring, Microsoft Product Family, Microsoft Windows Azure, Multitasking, Negotiation Skills, Network Security, Organizational Development/Management, Organizational Skills, People Management, Professional Services, Project/Program Management, Regulations, Resource Management, Risk, Risk Analysis, Risk Management, Security Analysis, Security Architecture, Security Attacks, Security Information and Event Management (SIEM), Security Monitoring, Strategic Planning, Team Lead/Manager, Team Player, Technical Analysis, Time Management, Training Program, Vendor/Supplier Management
POSTED
30+ days ago

Peetniks are passionate and authentic, learners and doers, committed to the pursuit of better. The only thing we love more than coffee is our people. Peet's is seeking a Senior Manager, Cyber Security to lead and mature the company's enterprise cyber security program. This role is responsible for the strategy, execution, and day-to-day management of information security capabilities that protect Peet's people, customers, and information assets. The Senior Manager will partner closely with IT, Digital, Legal, Compliance, and business leaders to enable secure business outcomes while managing risk in a pragmatic, business-aligned manner.

Reporting to the Director of Infrastructure and Security, this role focuses exclusively on cyber security and IT risk management and serves as a hands-on leader who can operate both strategically and tactically.

Responsibilities:

Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.

Facilitate information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.

Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices.

Create, communicate and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers.

Develop and manage information security budgets and monitor them for variances.

Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.

Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.

Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.

Liaise with the JDE Peet's global security and enterprise architecture teams to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.

Coordinate information security and risk management projects with resources from the IT organization and business unit teams.

Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.

Ensure that security programs are compliant with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.

Liaise among the information security team and Peet's corporate compliance, audit, legal and HR management teams as required.

Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.

Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.

Act as an escalation point for complex security issues and risk decisions.

Financial Discipline and Vendor Management:

Identify the right balance of in-house versus professional services consultants to meet the demand for services

Negotiate favorable software and professional services contracts with reputable vendors

Drive effective governance and engagement with partners and suppliers to ensure cost effectiveness and timely deliverables

Keep informed of issues and risks across all technology organizations, anticipate impact, and mitigate risks

Critical Skills & Behaviors for Success:

Results-orientation: Gets things done, with both a short and long-term view in mind

Pragmatic and outcome-oriented, leveraging data to make decisions

Thrives in a fast-paced, agile environment with excellent organizational skills and ability to re-prioritize on a consistent basis

Excellent planning and organizational skills, along with a high degree of detail orientation

A hands-on and adaptable leadership style with commitment to driving results

Collaboration focus in all interactions: Provide coaching and learning opportunities to teams ensuring leading edge practices

Influential to colleagues and peers coming from a "we" orientation

Collaborative with the ability to build trusting relationships across a diverse and potentially global workforce

Essential Skills/Knowledge:

Ability to communicate clearly and concisely

Considerable people management skills; capable of acting as leader, advisor, mentor, and coach

Excellent analytical and critical thinking skills

Business and stakeholder relationship building experience

Responsive to change and leads as a change agent

Essential EQ/IQ Requirements:

Contributes as an integral part of the management team of the organization

Accepts change and is flexible, focusing on action and outcomes

Makes complex decisions for tough problems; embraces collaboration and teamwork

Thrives within a fast-paced work environment; perseveres with tenacity

Manages multiple projects, separating mission critical from the non-strategic with minimal supervision

Tackles issues and challenges as they arise; doesn't avoid confrontation

Embraces a spirit of hospitality with fellow employees and external members

Demonstrates respect and promotes a supportive environment

Qualifications:

Skills and Professional Requirements:

Bachelor's degree in computer science, engineering, information systems, business, or a related discipline is required

10+ years of progressive experience in information security, IT risk, or cyber security roles

5+ years of experience leading and managing security teams, including direct and matrixed resources

CISSP certification is a plus

Expertise in PCI, SOX, and HIPAA security requirements and the certification process for each

Experience with Cisco, Juniper, Palo Alto Networks, Meraki, Trustwave, Microsoft and their network security technology capabilities

Familiarity with cloud environments (Azure preferred) and associated security controls

Experience with Operational Technologies (OT) security in a manufacturing environment

Experience partnering with Legal, Compliance, Audit, and HR on security and risk matters

Direct experience with endpoint detection and response providers

Direct experience with cloud-based SIEM providers

Experience with identifying and selecting security technologies to enable best-in-class security capabilities

This description outlines the role's essential functions but may evolve with business needs.

What We Offer:

We're proud to offer a comprehensive package for full-time employees, including:

Recharge Time - Paid vacation, holidays, and sick days

Health & Wellness - Medical, dental, and vision coverage

Future You - 401(k) plan with generous match program to help you save

Peace of Mind - Life insurance, disability, and options for HSAs and FSAs

Everyday Perks - Free coffee, fresh baked goods, and discounts

Growth & Support - Career development and an Employee Assistance Program when you need it

The target annual base salary range for this position is $160k - $180k. The actual base salary offered will depend on a variety of factors, including the applicant's qualifications, years of relevant experience, specific and unique skills, level of education, certifications or licenses, other legitimate non-discriminatory business factors, and the geographic location of the role. In addition to base pay, individuals in this position may also be eligible to earn bonuses.

Additional Information:

At Peet's, we believe in creating an inclusive workplace where everyone feels welcome. We are proud to be an Equal Opportunity Employer. We welcome qualified applicants of all backgrounds and do not discriminate based on race, color, creed, religion, gender, age, marital status, national origin, sexual orientation, gender identity, citizenship status, disability, genetic information, uniform service, veteran status, or any other category protected under federal, state, or local laws. Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local ordinances.
