C

Lead, Cybersecurity Architecture & Operations

Culligan
1 day ago
Full-time
On-site
Rosemont, Illinois, United States
$140,000 - $180,000 USD yearly

Position: Lead, Cybersecurity Architecture & Operations

Supervisor: Global Chief Information Security Officer

Location: Rosemont, IL

Summary: 

We are seeking a seasoned, self-motivated, hands-on cybersecurity leader to serve as the technical anchor of our global security program. Reporting directly to the Global CISO, you will own the architecture and day-to-day operation of our core security capabilities—SaaS and data security posture management, vulnerability management, SIEM, and SOC operations—across a complex, global environment.

This is a player-coach role for someone who wants both strategic influence and technical depth: you will design the architecture, then roll up your sleeves to build, tune, and run it. You will also play a key role in maturing our security controls, evidence, and audit readiness.

Responsibilities:

  • Security architecture: Define and maintain the enterprise security architecture and reference patterns across cloud, SaaS, network, endpoint, and identity domains.
  • SSPM: Deploy, operate, and continuously tune our SSPM platform; drive remediation of SaaS misconfigurations, risky integrations, and identity/permission sprawl across the global SaaS estate.
  • DSPM: Lead DSPM implementation and operations—discover, classify, and protect sensitive data across cloud and on-premises stores; partner with privacy and legal on data governance.
  • Vulnerability management: Own the end-to-end vulnerability management lifecycle: scanning coverage, risk-based prioritization, remediation SLAs, exception handling, and executive reporting across global infrastructure and applications.
  • SIEM: Administer and optimize the SIEM platform—log source onboarding, parsing, detection engineering, use-case development, and cost/ingestion management.
  • SOC operations: Run day-to-day SOC operations, including oversight of MSSP/MDR partners; mature triage, escalation, and incident response playbooks; lead and coordinate response to security incidents across time zones.
  • Audit and Compliance: Strengthen controls, documentation, and evidence to support SOX ITGC and internal/external audits; conduct application and technology security assessments to evaluate risk and ensure compliance with security standards.
  • Threat-informed defense: Track threat actor activity relevant to our industry and translate it into detections, hardening priorities, and leadership briefings.
  • Global collaboration & mentorship: Partner with IT, infrastructure, application, and business teams across regions; mentor analysts and engineers and raise the technical bar of the broader team.
  • Tooling & automation: Evaluate, select, and integrate security tooling; manage vendor relationships and drive consolidation and automation where it adds value. 

Requirements:

  • 6+ years of progressive, hands-on experience in cybersecurity engineering, architecture, and/or security operations.
  • Deep, practitioner-level experience with SSPM and DSPM platforms (e.g., deploying, operating, and driving remediation at scale).
  • Proven ownership of an enterprise vulnerability management program, including risk-based prioritization and remediation governance.
  • Hands-on experience administering a SIEM (e.g., detection engineering, log onboarding, tuning) and managing or overseeing a SOC, including MSSP/MDR relationships.
  • Strong working knowledge of cloud security (AWS, Azure, and/or GCP), identity and access management, and SaaS ecosystems (e.g., M365, Salesforce, Workday).
  • Experience operating in a global, multi-region environment with distributed teams and follow-the-sun coordination.
  • Excellent communication skills—able to brief executives, write clear standards, and influence engineers without direct authority.
  • Self-starter who operates with minimal direction and drives initiatives from concept to steady-state operation.

 

Preferred Qualifications:

  • Experience supporting SOX ITGC controls or operating in a public company environment.
  • Familiarity with frameworks and regulations such as NIST CSF, ISO 27001, CIS Controls, GDPR, and PCI DSS.
  • Scripting/automation skills (Python, PowerShell, APIs) and experience with SOAR platforms.
  • Relevant certifications such as CISSP, CISM, GIAC (GCIA, GCIH, GDSA), or cloud security certifications (AWS/Azure security specialty, CCSP).
  • Experience in manufacturing, consumer products, or other distributed-operations industries.

 

What Success Looks Like: 

  • SSPM and DSPM platforms are fully operational, with a measurable reduction in SaaS misconfigurations and unprotected sensitive data.
  • Vulnerability management SLAs are defined, reported, and trending in the right direction across all regions.
  • SIEM detection coverage mapped to MITRE ATT&CK with documented, tested response playbooks; SOC/MSSP performance metrics in place.
  • Security controls and evidence ready to withstand internal and external audit scrutiny.

 

Work Arrangements: 

This is a hybrid position based at our Rosemont, IL office, with three days per week onsite. Occasional travel and flexibility for calls across global time zones is expected.

 

Target Salary Range: $140,000 - $180,000 year plus bonus.  Exact pay will be based on factors including, but not limited to relevant education, qualifications, experience, level, geographic location, and business and organizational needs.  Full-time positions are eligible for competitive benefits, including: paid time off, health, dental, vision, life, disability benefits and 401(k).