At SpartanNash, relationships matter, and our Corporate team takes that sentiment to heart in the way we work as one totally aligned team, support and respect each other and share the highest standards of excellence. We’re always looking for the next great idea or a new way to approach a challenge, and we collaborate and innovate to achieve our goals.
Position Summary
The Information Security Operations Manager will be responsible for maintaining and advancing the enterprise-wide information security operations program to ensure that data, information assets and critical infrastructure are adequately protected. This role will support strategic direction, policy and *provide* standard development and process mapping for Information Security, leveraging quality and risk as key components to the overall program.
Responsibilities and Essential Duties
Contributes to the development and implementation of a strong Information Security practice at SpartanNash.
Oversight of the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
Day-to-day management of Information Security Operations.
Manage Security Operations activities and personnel.
Oversees security monitoring practice and analysis of security alerts.
Supervise all investigations and provide on-going communication with stakeholders and senior management.
Lead and/or support the design and execution of vulnerability assessments, penetration tests and security audits.
Acts as a point of escalation for the team and collaborates with enterprise teams in the event of an incident.
Handles and escalates security incidents as defined in the incident response procedures
Facilitates and participates in eDiscovery and forensic investigations with outsourced vendors
Prepares reports or necessary documentation for leadership to detail security evaluations and/or incidents
Establishes Information Security processes for the team
Oversee the deployment, integration and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise?s security documents specifically.
Ensure that projects are completed on time and within allocated budget.
Supervise, mentor and train team members to ensure that job requirements are being properly meet and completed on time.
Delegate work assignments and coach team members to ensure systems are implemented according to specifications and standards.
Contribute to the design and deployment of information security awareness training for all coworkers to ensure consistently high levels of compliance with SpartanNash?s Information Security Program.
Contributes to the establishment, documentation and enforcement of SpartanNash?s Information Security Policy.
Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new vulnerabilities, attacks and threat vectors.
Partner with IT leaders to instill Information Security industry best practices across IT including development, third-party software support, database administration, enterprise architecture, etc.
Knowledge, Skills Abilities
? Bachelor?s degree in Computer Science or related field or demonstrated equivalent work experience. ? 7 years experience in an IT Security Role. ? 3 years leadership experience. Other Required Qualifications ? Advanced knowledge of Microsoft and various Unix Operating Systems vulnerabilities. ? Comprehensive knowledge of TCP/IP protocol suite, Cisco networking equipment, and firewall/DMZ design and best practices ? Expert knowledge of Intrusion Detection, Prevention, security solutions ? 7-10 years of experience in security concepts, response protocols and information management. ? Excellent verbal and written communication skills with the ability to effectively interact with all stakeholders including senior leadership.
? Proven history of balancing multiple priorities simultaneously with the ability to adapt to the changing needs of the business while meeting deadlines. ? Strong attention to detail and critical thinking skills. ? Demonstrated ability to coach and mentor others. ? Strong process documentation skills.
Preferred Qualifications ? Recognized Technical certifications associated to Information Security ? An industry recognized certification such as CISSP, SANS/GIAC, Cisco CCCSP ? Project Management experience.
Equal Opportunity Employer – minorities/females/veterans/individuals with disabilities/ orientation/gender identity.