Greif offers a great working environment and the opportunity to make an immediate impact at a company where your ideas are always welcome.
Job Requisition #:
027767 Manager, Security Engineering and Engagement (Open)
Job Description:
Greif is a leading supplier of industrial packaging products and services, growing from its beginnings in Cleveland, Ohio, to a global footprint across more than 30 countries and 200-plus locations.
OUR VISION:
Be the best performing customer service company in the world.
OUR PURPOSE:
We create packaging solutions for life’s essentials.
ROLE OVERVIEW:
The Security Engineering and Engagement Manager (ISM) is a hybrid technical/managerial role reporting to the Senior Director of Global IT Security. The ISM serves as the interface between the strategic and process-based activities of the Sr. Director and the technology-focused activities of the IT Security team and other departments. The role coordinates the team’s security activities and provides regular updates to management. The role may lead one or more individuals in a supervisory capacity.
This role requires a strong technical background and an understanding of organizational priorities and business needs along with a risk mindset. The ISM will ensure that security measures are incorporated into strategic IT plans and that expectations are clearly defined. The role will work with business and IT stakeholders to balance risks with business drivers such as performance, agility, supportability, and acceptance.
The ISM must be able to prioritize work efforts while balancing a wide range of tactical and strategic activities. The ISM may be responsible for managing technical resources in a direct supervisory capacity or in project management roles. Documentation and presentation skills, analytical and critical thinking, identifying issues and taking initiative are important aspects of successful execution in this role.
Key Responsibilities:
Team Management:
- Lead one or more security professionals in execution of team goals, overseeing deliverables and assigning resources to meet targets.
- Align with leadership on performance plans and goals, and evaluate team talent accordingly; provide feedback and recognition to team members; participate in talent management processes.
- Evaluate, interview, and select candidates as necessary to fill staff openings.
Security Strategy, Governance, and Risk Management:
- Research and stay informed of potential information security threats, industry trends, emerging technologies, and response alternatives.
- Analyze security risks, including business-related risks, and recommend mitigations and plans to reduce the overall company risk profile.
- Develop recommendations for security program improvements to align with company risk tolerance and security goals.
- Develop and improve information security policies, procedures, and guidelines; assist with approval, tracking and reporting of security exceptions as the need arises.
- Understand major regulatory and legal issues and work with auditors to demonstrate processes and ensure appropriate controls are in place to meet compliance obligations.
Solution Acquisition & Deployment:
- Participate in the research, planning, selection, and implementation of security solutions, including but not limited to endpoint security, encryption, firewalls, identity management, authentication, intrusion detection, and gateway security controls.
- Review vendor capabilities and document selection criteria for security solutions.
- Conduct analysis of alternatives to determine best-fit solutions.
- Serve as a technical subject matter resource providing expertise in the security domain and provide technical direction to lead appropriate work on security related projects.
- Collaborate with other teams on key projects to ensure that security requirements and needed controls are identified and addressed throughout the project life cycle.
- Lead or participate in contracted security engagements as needed, including external assessments or penetration tests. Drive remediation or next steps discussions through partnership with internal and external business and IT.
Security Incident Response:
- Serve as a backup escalation contact for incidents reported by the managed service security operations center.
- Analyze incident information and engage other IT resources as needed to resolve incidents promptly along with the incident response team.
- Recommend activation of incident response plan if needed; may serve as an incident commander or as a backup.
Operational Management:
- Maintain, manage, and monitor compliance with security control frameworks such as NIST, PCI and other state, federal, and international laws.
- Monitor the capabilities and performance of security solutions and partner with suppliers to correct issues promptly.
- Resolve problem tickets promptly with closed-loop engagement with internal or external customers.
- Engage in regular assessment of the current IT security environment to identify weaknesses and work with IT management to develop opportunities for improvements such as reducing complexity, reducing time and cost, and increasing operational effectiveness.
- Participate in the design, development, and delivery of security training and awareness programs, including phishing simulations, awareness articles, and training classes.
- Other duties as assigned.
Education and Experience:
- Bachelor’s Degree in the field of computer science, information systems, or information security and 5 years equivalent work experience.
- Excellent organizational skills and a high degree of accuracy and attention to detail required.
- Ability to work independently and in a team environment while meeting deadlines with minimal direct supervision required.
- Certification (CISSP, GSEC, or equivalent) preferred.
Knowledge and Skills:
- Knowledge of technological trends and developments in technology relating to security and risk management, threats, defensive technologies, industry experts, etc.
- Knowledge of information security standards, data privacy laws, computer crime laws, and federal data protection laws, etc.
- Strong knowledge of enterprise security technologies, e.g., Virtual Private Network (VPN), Virtual Desktop Infrastructure (VDI), Encryption, Firewalls, Intrusion Detection/Prevention, and Endpoint Security Platforms.
- Understanding of and experience with network protocols including switches, routers and routing technologies.
- Strong working knowledge of cloud security concepts, Microsoft Windows Server environments, Microsoft Exchange, virtual servers, and other enterprise-wide applications.
- Knowledge of information security audit and assessment methodologies, policies, standards, procedures and best practices.
- Ability to conduct risk management assessments.
- Provide assistance with identification, prioritization and remediation of information systems vulnerabilities.
- Experience working with managed solutions providers for security components such as antivirus and managed detection and response (MDR) vendors.
- Proven knowledge of systems development life cycle methodologies.
- Ability to work in a flexible environment where requirements and procedures continuously evolve.
- In some circumstances, may be contacted in emergencies on a 24x7 basis.
- Highly self-motivated and self-directed.
- Ability to absorb new ideas and concepts quickly.
- Strong analytical and troubleshooting abilities.
- Has a keen attention to detail.
- Ability to effectively prioritize and execute tasks in high-pressure situations.
- Ability to make technical decisions with limited resources and precedent.
- Very strong customer service orientation.
- Strong written, oral, interpersonal, and presentational skills.
- Experience working in a team-oriented, collaborative environment.
- Ability to use discretion and handle sensitive/confidential information.
The above list of duties is intended to describe the general nature and level of work performed by persons assigned to this classification. It is not to be construed as an exhaustive list of duties performed by the persons so classified, nor is it intended to limit or modify the right of any supervisor to assign, direct and control the work of associates under supervision.
At Greif, your work has purpose, colleagues care about your well-being, and you have the opportunity to grow and thrive. Service and leadership are the core of everything we do. Our global presence provides us a platform to do good in the world.
Scheduled Weekly Hours:
40
Compensation Range:
The pay range for this position is $145,000.00 to $175,000.00 per year. The base pay offered for this position may vary based on market data and other factors, such as job-related knowledge, skills, experience, and geographic location. The position may be eligible for a short-term incentive in addition to base pay.
Benefits Statement:
Greif offers a comprehensive benefits package, including medical, dental, paid time off, and other competitive benefits which are available for eligible colleagues effective day one.
EEO Statement:
https://www.greif.com/wp-content/uploads/2023/04/HR-101-Equal-Employment-Opportunity-Policy-English.pdf
We offer a competitive salary, excellent benefits and opportunity for growth. Greif, Inc. is an equal opportunity employer. We will not discriminate against any applicant or employee on the basis of sexual orientation, gender identity, race, gender, religion, age, national origin, color, disability, or veteran status. EOE/Minority/Female/Disabled/Veteran. For more information read Greif’s Equal Opportunity Policy.