Sr Mgr, Information Security

Based in St. Louis, Core & Main is a leader in advancing reliable infrastructure with local service, nationwide. As a specialty distributor with a focus on water, wastewater, storm drainage and fire protection products and related services, Core & Main provides solutions to municipalities, private water companies and professional contractors across municipal, non-residential and residential end markets, nationwide. With over 370 locations across the U.S., the company provides its customers local expertise backed by a national supply chain. Core & Main's 5,700 associates are committed to helping their communities thrive with safe and reliable infrastructure. Visit coreandmain.com to learn more. Senior Manager, Information Security Engineering Job Summary The Senior Manager of Information Security Engineering leads all Information Security Engineers and is accountable for the strategy, delivery, reliability, and maturity of the organization's security engineering service areas, processes, and technologies. This role owns the security engineering technical stack and drives continuous improvement across security platforms, tooling, integrations, automation, and engineering standards. This leader partners closely with Security Operations, Incident Response, Compliance, Infrastructure, Legal, Audit, Risk, and business stakeholders to ensure security capabilities are effectively engineered, maintained, and improved to support the organization's security and regulatory objectives. Security Engineering Leadership Lead, develop, and mentor a team of Information Security Engineers responsible for the design, implementation, administration, and continuous improvement of security technologies and engineering processes. Own engineering accountability for security platforms, technical controls, integrations, automation, and supporting processes across the security program. Establish and enforce engineering standards for change control, identity hygiene, logging quality, detection reliability, platform resiliency, and operational supportability. Provide technical and business leadership that influences strategic planning, architecture decisions, and security roadmap priorities. Security Technology & Process Ownership Oversee the engineering lifecycle for security technologies, including selection support, implementation, optimization, maintenance, upgrades, and retirement. Identify tooling gaps, control weaknesses, operational friction points, and process inefficiencies, and drive improvements that increase effectiveness and reduce risk. Ensure security technologies are engineered and operated in a scalable, sustainable, and supportable manner. Develop and maintain engineering processes, documentation, standards, and playbooks that improve consistency and team effectiveness. Cross-Functional Partnership Partner with Security Operations, Incident Response, and Compliance teams to ensure security controls and technologies effectively support monitoring, investigations, response, evidence collection, and audit readiness. Collaborate with Infrastructure, Identity, Legal, Audit, HRIS, PMO, and other cross-functional teams to implement and sustain security requirements in a practical and operationally effective way. Translate technical security issues into concise, leadership-level risk and capability narratives to support decision-making and alignment. Delivery, Metrics, and Continuous Improvement Track and use meaningful engineering and operational metrics to demonstrate effectiveness, service quality, platform health, and improvement opportunities. Balance unplanned, high-priority operational engineering work with delivery of roadmap commitments and strategic initiatives. Drive maturity in engineering-related processes such as logging governance, access review enablement, platform administration, security automation, and control reliability. People Leadership Select, develop, motivate, and retain a high-performing team of security engineers. Coach engineers through technical escalations, complex problem-solving, and high-pressure operational events. Foster a culture of accountability, collaboration, operational excellence, and continuous improvement. Preferred Qualifications Bachelor's degree in computer science, Information Technology, Information Security, or related field, or equivalent relevant experience. 10+ years of progressive experience in information security, with significant focus on security engineering, security technologies, and operational enablement. Proven experience leading a security engineering team responsible for enterprise security tooling and technical controls.Strong leadership and people management skills, with experience developing and coaching teams of security professionals. In-depth knowledge of security technologies and controls such as network security, endpoint protection, identity and access security, privileged access concepts, logging and monitoring platforms, and security automation. Demonstrated success maturing engineering-related security processes such as log governance, access review enablement, detection reliability, control administration, and audit support. Ability to prioritize urgent operational work while continuing to deliver planned roadmap initiatives. Strong capability in translating technical security issues into concise, leadership-level communications and recommendations. Experience working cross-functionally with Legal, Audit, Infrastructure, HRIS, PMO, and other enterprise stakeholders. Familiarity with regulatory and control frameworks such as PCI, SOX, CCPA, and NIST 800-53. Excellent verbal and written communication skills, including the ability to communicate complex technical topics to non-technical stakeholders. Relevant certifications such as CISSP, CISM, or CISA are a plus. This information indicates the general nature and level of work performed by associates in this role. It is not designed to contain a comprehensive inventory of all duties, responsibilities, and qualifications required of associates assigned to this role. This description supersedes any previous or undated descriptions for this role. Management retains the right to add or change the duties of the position at any time. Core & Main is an Equal Employment Opportunity employer. Employment at Core & Main is based solely on a person's merit and qualifications directly related to professional competence. Core & Main does not discriminate against any employee or applicant on the basis of race, creed, color, religion, national origin, nationality, ancestry, age, disability, veteran status, pregnancy or related condition (including breastfeeding), affectional or sexual orientation, gender identity or expression, marital status, status with regard to public assistance, citizenship, or any other basis protected by law. None of the questions in this application are intended to elicit information regarding any protected characteristics, nor imply any limitation, illegal preferences or discrimination based upon non-job-related information or protected characteristics. For more information, please visit #J-18808-Ljbffr Core & Main