Manager, Security Operations

The Manager, Security Operations is responsible for maintaining and advancing the enterprise-wide information security operations program to ensure that data, information assets and critical infrastructure are adequately protected. This position supports strategic direction, policy and provides standard development and process mapping for Information Security, leveraging quality and risk as key components to the overall program.

Here’s what you’ll do: 

• Development and implementation of a strong Information Security practice at SpartanNash

• Oversight of the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories

• Day-to-day management of Information Security Operations

• Management of Security Operations activities and personnel

• Oversee security monitoring practice and analysis of security alerts

• Supervise all investigations and provide on-going communication with stakeholders and senior management

• Lead and support the design and execution of vulnerability assessments, penetration tests, and security audits

• Act as a point of escalation for the team and collaborate with enterprise teams in the event of an incident

• Handle and escalate security incidents as defined in the incident response procedures

• Facilitate and participate in eDiscovery and forensic investigations with outsourced vendors

• Prepare reports and necessary documentation for leadership to detail security evaluations and incidents

• Establish Information Security processes for the team

• Oversee the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents

• Ensure that projects are completed on time and within allocated budget

• Supervise, mentor, and train team members to ensure that job requirements are being properly meet and completed on time

• Delegate work assignments and coach team members to ensure systems are implemented according to specifications and standards

• Design and deploy information security awareness training for all coworkers to ensure consistently high levels of compliance with SpartanNash’s Information Security Program

• Establish, document, and enforce SpartanNash’s Information Security Policy

• Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new vulnerabilities, attacks and threat vectors

• Partner with IT leaders to instill Information Security industry best practices across IT including development, third-party software support, database administration, enterprise architecture. This position will work with the following tools and technologies: Rapid7, Microsoft O365 Security solutions, Microsoft Azure Cloud Security, Palo Alto Networks Firewalls, Security Orchestration and Automation Tools, Fireeye Helix, Zscaler, Infoblox, MS Project, Penetratin Testing using Kali Linux, F5, and Endpoint Security Technologies. Provide supervision to Analyst III, IT Security, Specialist Security Engineer and Security Engineer.

• Additional responsibilities may be assigned as needed. 

Here’s what you’ll need: 

• Bachelor's Degree (Required) in Computer Science, Computer Information Systems or related field or equivalent combination of education and/or experience. 

• 5+ years related experience. 

• Must also have 12 months of experience (which may have been gained concurrently) with each of the following:

  • Day-to-day management of Information Security Operations;

  • Facilitate and participate in eDiscovery and forensic investigations with outsourced vendors;

  • Prepare reports and necessary documentation for leadership to detail security evaluations and incidents;

  • Oversee the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents; and

  • Working with the following tools and technologies: Rapid7, Microsoft O365 Security solutions, Microsoft Azure Cloud Security, Palo Alto Networks Firewalls, Security Orchestration and Automation Tools, Fireeye Helix, Zscaler, Infoblox, MS Project, Penetratin Testing using Kali Linux, F5, and Endpoint Security Technologies.

• Demonstrated knowledge of operating systems, communications protocols, and security concepts, best practices and procedures. In-depth knowledge of compliance regulations (i.e., SOX, PCI, and HIPAA) required.  

• Must have knowledge of data network concepts, protocols, practices, and procedures, and strong knowledge of network management and security.  

• Experience with security subsystems (e.g., firewalls, VPN servers. IDS/IPS, etc.).  

• Must have working knowledge of all IT security areas (e.g., servers, desktops, voice, Internet, and web technologies, etc.) and experience in administration and configuration of log management tools/SIEM.  

• Strong working knowledge of PC, server and network technologies.  

• Excellent written and verbal communications skills; ability to communicate IT related information in a non-technical manner.  

• Excellent analytical, problem solving, troubleshooting, decision-making and project management skills.  

• Excellent organization, prioritization and attention to detail skills.  

• Ability to lead projects and provide work direction to others.