Senior Director, Information Technology - Security Operations

Lensa is a career site that helps job seekers find great jobs in the US. We are not a staffing firm or agency. Lensa does not hire directly for these jobs, but promotes jobs on LinkedIn on behalf of its direct clients, recruitment ad agencies, and marketing partners. Lensa partners with DirectEmployers to promote this job for Performance Food Group. Clicking "Apply Now" or "Read more" on Lensa redirects you to the job board/employer site. Any information collected there is subject to their terms and privacy notice.

134000BR

Job Title

Senior Director, Information Technology - Security Operations

Location:

West Creek-Richmond Corp (0999)

Job Description

We Deliver the Goods:

• Competitive pay and benefits, including Day 1 Health & Wellness Benefits, Employee Stock Purchase Plan, 401K Employer Matching, Education Assistance, Paid Time Off, and much more
• Growth opportunities performing essential work to support America's food distribution system
• Safe and inclusive working environment, including culture of rewards, recognition, and respect
  
  

Position Summary

Performance Food Group is looking for a talented Security Operations professional to lead PFG's Security Operations team. Reporting to the Chief Information Security Officer, this individual will oversee all aspects of PFG's security monitoring, detection, response, and vulnerability & exposure management disciplines. The leader will be responsible for directly managing a team of internal Security Operations team members and oversee various third party Managed Security Service and professional services providers, as well as leading matrixed and cross functional information technology and line of business delivery and incident specific response teams in readiness preparation and response to incidents. The successful candidate will have an insaciable passion for finding weaknesses in systems and monitoring for threats against them, keeping pace with and adapting to evolving threats, and leading PFG's response to anything that threatens company data and systems, as well as customer, vendor, and associate data.

Major Functional Responsibilities

• Work with Security Engineering and Administration and Cloud Services Teams residing in PFG's Enterprise Technology Services department to oversee their implementation and management of security related capabilities; Access Control, Directory Services, NetSecOps - Firewall, IDS/IPS, Endpoint Protection, Email Threat Protection, Web Application Firewall, Microsegmentation/Workload Protection capabilities.
• Lead and directly manage PFG's Red Team and Blue Team units, which focus on offensive (e.g. penetration testing, vulnerability scanning) and defensive (monitoring, triage, response) security operations
• Manage and mentor and mentor internally staffed security analysts and oversee outsourced managed security service providers including 24/7 Security Operations Center Level 1 monitoring services, and provider's implementation, enhancement, and support of Security Incident and Event Mangement (SIEM) and Security Orchastration and Automated Response (SOAR) capabilities. Manage vendor relationships, contract, service level agreements, and reporting.
• Establish key metrics and reporting associated with Security Operations, including the definition of metrics, acceptance tolerances, and reporting/performance against established objectives Lead PFG's security education and awareness and insider threat programs, including computer based training, mock phishing, threat advisory communications disciplines
• Own, manage, and update PFG's Security Incident Response Plan and associated readiness of its application, developing and incorporating playbooks and runbooks for tactical, scenario specific security event and incident management. Facilitate directly or commission the execution of pre-incident readiness excercises, from tabletop excercises with technology teams and IT/business leadership, to purple team technical exercises that replicate real world attack scenarios and real time response.
• Oversee daily security event triage, serve as Major Incident Manager during notable incidents, and support workforce investigations attributed to HR, legal matters and violations of company polices. Ensure all notable security incidents follow security incident lifecycle stages, including post mortems, and inform needed continuous improvement in prevention, detection, and response capabilities
• Work with other external stakeholders and scenario specific participants to PFG's Security Incident Response plan, including law enforcement, retained Security Incident Response provider, cyber insurance carriers/brokers, legal, privacy, and public relations, crisis management, and forensics suppliers
• Maintains future Security Operations strategy, contributing as a component to PFG's rolling 3 year Information Security Strategy.
• Contributes to infrastructure and application architecture standards, and provides a feedback loop of needed improvements to SecOps team members, outsourced Managed Security Service Providers, infrastructure and application teams, that foster improvements in system vulnerabilities/exposure and PFG's ability to detect and respond to cyber threats.
• Performs other related duties as assigned.
  
  

This position will be out of one of our offices located in Richmond, Virginia; Dallas, Texas; or Denver, Colorado. Applicant must be located near one of these locations.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Req Number

134000BR

Address Line 1

12500 West Creek Pkwy

Job Location:

Nationwide, United States

Shift

1st Shift

Full Time / Part Time

Full Time

EEO Statement

Performance Food Group and/or its subsidiaries (individually or collectively, the "Company") provides equal employment opportunity (EEO) to all applicants and employees, regardless of race, color, national origin, sex, marital status, pregnancy, sexual orientation, gender identity, religion, age, disability, genetic information, veteran status, and any other characteristic protected by applicable local, state and federal laws and regulations. Please click on the following links to review: (1) our EEO Policy (http://pfgc.com/Policy) ; (2) the "EEO is the Law" poster (http://pfgc.com/Poster) and supplement (http://pfgc.com/Supplement) ; and (3) the Pay Transparency Policy Statement (http://pfgc.com/PayTransparency) .

Required Qualifications

• Bachelor's degree
• 10 Years experience
• Demonstrated experience and knowledge of leading Security Operations teams and managing major incidents, including those with ransomware and breached data
• Strong teamwork and interpersonal skills
• Hold relevant security certifications or willingness to pursue additional certifications
• Continuous learning mindset
• Experience with managing penetration testing engagements, compromise assessments including those against both network/infrastructure and web applications
• Experience leading/managing vulnerability and exposure management capabilities and associated governance, including Working knowledge of privacy statutes including the European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)
• Exemplary written and verbal communication skills, specifically the ability to train technical teams and line of business leaders on Security Incident Response Processes, brief stakeholders during incidents, and report writing/publishing.
• Proficient in forensic investigation and analysis of computer based systems, eDiscovery, and legal/privacy aspects of security incident management Strong MS Office skills (specifically PowerPoint, Word, Excel, Project, Visio)
• Experience with Microsoft Entra, Cisco/Fortinet Security Systems (VPN, Firewall, IDS/IPS) Defender EDR, Guardicore Workload Protection/Microsegmentation, Tenable Vulnerability Management, Elastic SIEM, Cisco Umbrella
• Advanced knowledge of networking, cloud computing (IaaS/PaaS) security, access controls, endpoint security
• Proficient in contract management, negotiation, SLA management, and vendor relationship management - Proficient in regulatory requirements and statutes associated with security incident and data breach disciplines, including but not limited to Security and Exchange Commission Cyber Incident Disclosure Rule, Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), California Privacy Rights Act (CPRA) Ability to work in a highly matrixed
• Demonstrated high level of analytical and problem solving skills
• Ability to influence cross functional stakeholders and work in highly matrixed organizational structure and federated governance
  
  

Division

Performance Food Group

Job Category

Information Systems

Preferred Qualifications

• Masters/MBA
• 10 Years experience
• Proficient in Data Classification and Data Loss Prevention technologies and processes
• Familiarity with Mergers and Acquisition, specifically SecOps considerations related to pre-integration exposure management, deployment of security capabilities for visibility/protection pre-infrastructure integration, and delivery of security operations capabilities as part of wholistic IT integration playbook.
• Preferred Professional Certification(s): Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH/CSIH), Certified Forensic Analyst (GCFA)
• Preference given to candidates located in Richmond, VA Dallas, TX or Denver, CO
  
  

State

Virginia

Company Description

Performance Food Group is a customer-centric foodservice distribution leader headquartered in Richmond, Va. Grounded by roots that date back to a grocery peddler in 1885, PFG has a nationwide network of approximately 150 distribution centers, 35,000-plus talented associates, and thousands of valued suppliers across the country. With the goal of helping customers thrive, PFG markets and delivers quality food and related products to independent and chain restaurants, schools, business and industry locations, convenience operations, healthcare facilities, vending distributors, office coffee service distributors, big box retailers, and theaters across the U.S.

Benefits

Click Here for Benefits Information (https://pfgc.com/Careers.aspx#benefits)

Compensation

$170,000 - $200,000 60% Bonus Opportunity

If you have questions about this posting, please contact support@lensa.com