Senior Manager, Cyber Security

Peetniks are passionate and authentic, learners and doers, committed to the pursuit of better. The only thing we love more than coffee is our people.Peet’s is seeking a Senior Manager, Cyber Security to lead and mature the company’s enterprise cyber security program. This role is responsible for the strategy, execution, and day-to-day management of information security capabilities that protect Peet’s people, customers, and information assets. The Senior Manager will partner closely with IT, Digital, Legal, Compliance, and business leaders to enable secure business outcomes while managing risk in a pragmatic, business-aligned manner.Reporting to Director of Infrastructure and Security, this role focuses exclusively on cyber security and IT risk management and serves as a hands-on leader who can operate both strategically and tactically.Salary$160,000 – $180,000LocationEmeryville, CA – Hybrid, 3 days onsiteResponsibilitiesDevelop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.Facilitate information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices.Create, communicate and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers.Develop and manage information security budgets and monitor them for variances.Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders through the enterprise on identifying acceptable levels of residual risk.Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.Liaise with the JDE Peets global security and enterprise architecture teams to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.Coordinate information security and risk management projects with resources from the IT organization and business unit teams.Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.Ensure that security programs are compliant with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.Liaise among the information security team and Peet’s corporate compliance, audit, legal and HR management teams as required.Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.Act as an escalation point for complex security issues and risk decisions.Financial Discipline and Vendor Management:Identifying the right balance of in-house versus professional services consultants to meet the demand for servicesNegotiate favorable software and professional services contracts with reputable vendorsDrive effective governance and engagement with partners and suppliers to ensure cost effectiveness and timely deliverablesKeep informed of issues and risks across all technology organizations, anticipate impact, and mitigate risksCritical Skills & Behaviors for SuccessResults-orientation:Gets things done, with both a short and long-term view in mindPragmatic and outcome-oriented, leveraging data to make decisionsThrives in a fast paced, agile environment with excellent organizational skills and ability to re-prioritize on a consistent basisExcellent planning and organizational skills, along with a high degree of detail orientationA hands-on and adaptable leadership style with commitment to driving resultsCollaboration focus in all interactions:Provide coaching and learning opportunities to teams ensuring leading edge practicesInfluential to colleagues and peers coming from a “we” orientationCollaborative with the ability to build trusting relationships across a diverse and potentially global workforce.Essential Skills/Knowledge:Ability to communicate clearly and conciselyConsiderable people management skills; capable of acting as leader, advisor, mentor, and coachExcellent analytical and critical thinking skillsBusiness and stakeholder relationship building experienceResponsiveness to change and leads as a change agentEssential EQ/IQ Requirements:Contributes as an integral part of the management team of the organizationAccepts change and is flexible, focusing on action and outcomesMakes complex decisions for tough problems; embraces collaboration and teamworkThrives within a fast-paced work environment; perseveres with tenacityManages multiple projects, separating mission critical from the non-strategic with minimal supervisionTackles issues and challenges as they arise; doesn’t avoid confrontationEmbraces a spirit of hospitality with fellow employees and external membersDemonstrates respect and promotes a supportive environmentQualificationsSkills and Professional RequirementsBachelor’s degree in computer science, engineering, information systems, business, or a related discipline is required10+ years of progressive experience in information security, IT risk, or cyber security roles.5+ years of experience leading and managing security teams, including direct and matrixed resources.CISSP certification is a plusExpertise in PCI, SOX, and HIPAA security requirements and the certification process for each.Experience with Cisco, Juniper, Palo Alto Networks, Meraki, Trustwave, Microsoft and their network security technology capabilities.Familiarity with cloud environments (Azure preferred) and associated security controls.Experience with Operational Technologies (OT) security in a manufacturing environmentExperience partnering with Legal, Compliance, Audit, and HR on security and risk matters.Direct experience endpoint detection and response providersDirect experience with cloud- based SIEM providersExperience with identifying and selecting security technologies to enable best in class security capabilitiesThis description outlines the role’s essential functions but may evolve with business needs.What We Offer:We’re proud to offer a comprehensive package for full-time employees, including:Recharge Time – Paid vacation, holidays, and sick days.Health & Wellness – Medical, dental, and vision coverage.Future You – 401(k) plan with generous match program to help you save.Peace of Mind – Life insurance, disability, and options for HSAs and FSAs.Everyday Perks – Free coffee, fresh baked goods, and discounts.Growth & Support – Career development and an Employee Assistance Program when you need it.The target annual base salary range for this position is $160k –180$k. The actual base salary offered will depend on a variety of factors, including the applicant’s qualifications, years of relevant experience, specific and unique skills, level of education, certifications or licenses, other legitimate non-discriminatory business factors, and the geographic location of the role. In addition to base pay, individuals in this position may also be eligible to earn bonuses.Additional InformationAt Peet’s, we believe in creating an inclusive workplace where everyone feels welcome. We are proud to be an Equal Opportunity Employer. We welcome qualified applicants of all backgrounds and do not discriminate based on race, color, creed, religion, gender, age, marital status, national origin, sexual orientation, gender identity, citizenship status, disability, genetic information, uniform service, veteran status, or any other category protected under federal, state, or local laws. Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local ordinances. #J-18808-Ljbffr