Peetniks are passionate and authentic, learners and doers, committed to the pursuit of better. The only thing we love more than coffee is our people.
Peet’s is seeking a Senior Manager, Cyber Security to lead and mature the company’s enterprise cyber security program. This role is responsible for the strategy, execution, and day-to-day management of information security capabilities that protect Peet’s people, customers, and information assets. The Senior Manager will partner closely with IT, Digital, Legal, Compliance, and business leaders to enable secure business outcomes while managing risk in a pragmatic, business-aligned manner.
Reporting to the Director of Infrastructure and Security, this role focuses exclusively on cyber security and IT risk management and serves as a hands-on leader who can operate both strategically and tactically.
Salary
$160,000 – $180,000
Location
Emeryville, CA – Hybrid, 3 days onsite
Responsibilities
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
- Facilitate information security governance through implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
- Develop, maintain and publish up-to-date security policies, standards and guidelines, and oversee training and dissemination of security policies and practices.
- Create, communicate and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from partners, consultants and other service providers.
- Develop and manage information security budgets and monitor them for variances.
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Liaise with the JDE Peet’s global security and enterprise architecture teams to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
- Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
- Ensure that security programs are compliant with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
- Liaise among the information security team and Peet’s corporate compliance, audit, legal and HR management teams as required.
- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
- Act as an escalation point for complex security issues and risk decisions.
Financial Discipline and Vendor Management:
- Identify the right balance of in-house versus professional services consultants to meet the demand for services
- Negotiate favorable software and professional services contracts with reputable vendors
- Drive effective governance and engagement with partners and suppliers to ensure cost effectiveness and timely deliverables
- Keep informed of issues and risks across all technology organizations, anticipate impact, and mitigate risks
Critical Skills & Behaviors for Success
Results-orientation:
- Gets things done, with both a short and long-term view in mind
- Pragmatic and outcome-oriented, leveraging data to make decisions
- Thrives in a fast-paced, agile environment with excellent organizational skills and ability to re-prioritize on a consistent basis
- Excellent planning and organizational skills, along with a high degree of detail orientation
- A hands-on and adaptable leadership style with commitment to driving results
Collaboration focus in all interactions:
- Provide coaching and learning opportunities to teams ensuring leading edge practices
- Influential to colleagues and peers coming from a “we” orientation
- Collaborative with the ability to build trusting relationships across a diverse and potentially global workforce.
Essential Skills/Knowledge:
- Ability to communicate clearly and concisely
- Considerable people management skills; capable of acting as leader, advisor, mentor, and coach
- Excellent analytical and critical thinking skills
- Business and stakeholder relationship building experience
- Responsiveness to change and ability to lead as a change agent
Essential EQ/IQ Requirements:
- Contributes as an integral part of the management team of the organization
- Accepts change and is flexible, focusing on action and outcomes
- Makes complex decisions for tough problems; embraces collaboration and teamwork
- Thrives within a fast-paced work environment; perseveres with tenacity
- Manages multiple projects, separating mission critical from the non-strategic with minimal supervision
- Tackles issues and challenges as they arise; doesn’t avoid confrontation
- Embraces a spirit of hospitality with fellow employees and external members
- Demonstrates respect and promotes a supportive environment
Qualifications
Skills and Professional Requirements
- Bachelor’s degree in computer science, engineering, information systems, business, or a related discipline is required
- 10+ years of progressive experience in information security, IT risk, or cyber security roles.
- 5+ years of experience leading and managing security teams, including direct and matrixed resources.
- CISSP certification is a plus
- Expertise in PCI, SOX, and HIPAA security requirements and the certification process for each.
- Experience with Cisco, Juniper, Palo Alto Networks, Meraki, Trustwave, Microsoft and their network security technology capabilities.
- Familiarity with cloud environments (Azure preferred) and associated security controls.
- Experience with Operational Technologies (OT) security in a manufacturing environment
- Experience partnering with Legal, Compliance, Audit, and HR on security and risk matters.
- Direct experience with endpoint detection and response providers
- Direct experience with cloud-based SIEM providers
- Experience with identifying and selecting security technologies to enable best-in-class security capabilities
This description outlines the role’s essential functions but may evolve with business needs.
What We Offer:
We’re proud to offer a comprehensive package for full-time employees, including:
Recharge Time – Paid vacation, holidays, and sick days.
Health & Wellness – Medical, dental, and vision coverage.
Future You – 401(k) plan with generous match program to help you save.
Peace of Mind – Life insurance, disability, and options for HSAs and FSAs.
Everyday Perks – Free coffee, fresh baked goods, and discounts.
Growth & Support – Career development and an Employee Assistance Program when you need it.
The target annual base salary range for this position is $160k – $180k. The actual base salary offered will depend on a variety of factors, including the applicant’s qualifications, years of relevant experience, specific and unique skills, level of education, certifications or licenses, other legitimate non-discriminatory business factors, and the geographic location of the role. In addition to base pay, individuals in this position may also be eligible to earn bonuses.
Additional Information
At Peet’s, we believe in creating an inclusive workplace where everyone feels welcome. We are proud to be an Equal Opportunity Employer. We welcome qualified applicants of all backgrounds and do not discriminate based on race, color, creed, religion, gender, age, marital status, national origin, sexual orientation, gender identity, citizenship status, disability, genetic information, uniform service, veteran status, or any other category protected under federal, state, or local laws. Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local ordinances.