Sr. Manager, IT Security Operations
Oakland, California
e.l.f. Beauty
e.l.f. Beauty, Inc. stands with every eye, lip, face and paw. Our deep commitment to clean, cruelty free beauty at an incredible value has fueled the success of our flagship brand e.l.f. Cosmetics since 2004 and driven our portfolio expansion. Today, our multi-brand portfolio includes e.l.f. Cosmetics, e.l.f. SKIN, pioneering clean beauty brand Well People, Keys Soulcare, a groundbreaking lifestyle beauty brand created with Alicia Keys and Naturium, high-performance, biocompatible, clinically-effective and accessible skincare.
We have annual revenues of ~$900 million and our business performance has been nothing short of extraordinary with 20 consecutive quarters of net sales growth as we have grown to #3 mass cosmetics brand in the US and are the fastest growing brand among the top 5. Our total compensation philosophy offers every new hire competitive pay and benefits, bonus eligibility (200% of target over the last four fiscal years), equity given to every full-time employee as a part of their new hire package, flexible time off, year-round half-day Fridays, and a hybrid 3 day in office, 2 day at home work environment. We believe the combination of our unique culture, total compensation, workplace flexibility and care for the team is unmatched across not just beauty but any industry.
Position Summary: The IT Security Operations Sr. Manager is responsible for overseeing and managing the daily operations of the organization's information security program. This role involves planning, implementing, and monitoring security measures to protect the organization's computer systems, networks, and data. They collaborate with cross-functional teams, establish and enforce security policies, and ensure compliance with industry regulations.
Responsibilities:
Security Operations Management:
• Lead and manage the day-to-day operations of the IT security team.
• Oversee the deployment and maintenance of security infrastructure, tools, and technologies.
• Monitor security alerts, incidents, and vulnerabilities, and coordinate response and resolution efforts.
Incident Response and Investigation:
• Develop and implement incident response plans to address and mitigate security incidents.
• Conduct thorough investigations into security breaches and incidents, documenting findings and recommending corrective actions.
• Collaborate with internal teams to ensure timely incident response and resolution.
Policy Development and Enforcement:
• Develop, update, and enforce information security policies and procedures.
• Ensure that security policies align with industry best practices and compliance requirements.
• Conduct regular security awareness training for staff to promote a security-conscious culture.
Risk Assessment and Management:
• Conduct regular risk assessments to identify and prioritize security risks.
• Develop and implement risk mitigation strategies and controls.
• Monitor and report on the effectiveness of risk management initiatives.
Collaboration and Communication:
• Collaborate with IT, legal, and other departments to ensure a cohesive approach to security.
• Communicate security-related information to executive leadership and stakeholders.
• Foster strong relationships with external security partners and vendors.
Compliance:
• Ensure compliance with relevant laws, regulations, and industry standards.
• Conduct regular audits and assessments to verify compliance and identify areas for improvement.
• Work with legal and compliance teams to address any regulatory requirements.
Security Awareness and Training:
• Develop and deliver security awareness programs to educate employees on security best practices.
• Compile and analyze data for accurate, timely reporting of activity.
• Provide ongoing training and communication to keep the organization informed about emerging security threats and trends.
Qualifications:
• Bachelor’s degree in Information Technology, Information Security, or a related field. Master's degree is a plus.
• 5+ proven experience in IT security operations, with a focus on leadership and management.
• Preferred industry certifications such as CISSP, CISM, or equivalent.
• In-depth knowledge of security frameworks, standards, and best practices.
• Strong understanding of risk management, incident response, and security technologies.
• Detailed understanding of the MITRE ATT&CK Framework and/or the Cyber Kill Chain.
• Excellent communication and interpersonal skills.
Technical Knowledge:
• Extensive knowledge of cloud security technologies (Azure Infrastructure, AWS, GCP, SaaS, IAM)
• Excellent knowledge of security-related systems (e.g., firewalls, SASE, EDR/MDR, vulnerability management, patch management, SIEM, NAC, etc.)
• Proficient knowledge of and experience with networking technologies (e.g., WAN connectivity, access points, network switches, load balancers, routing protocols, firewalls, VPNs, VLANs, LAN segmentation methodologies, etc.)
• High proficiency with the following disciplines: directory services (LDAP, AD), DNS, anti-malware/virus technologies, IDS/IPS, WIPS, mobility, PC and Mac computing, Azure AD and Office 365 ecosystem, network security, disaster recovery, SOX compliance
This job description is intended to describe the general nature and level of work being performed in this position. It also reflects the general details considered necessary to describe the principal functions of the job identified, and shall not be considered a detailed description of all the work requirements inherent in the job. It is not an exhaustive list of responsibilities, and it is subject to changes and exceptions at the supervisors’ discretion.
e.l.f. Beauty respects your privacy. Please see our Job Applicant Privacy Notice (www.elfbeauty.com/us-job-applicant-privacy-notice) for how your personal information is used and shared.