Position: Lead, Cybersecurity Architecture & Operations
Supervisor: Global Chief Information Security Officer
Location: Rosemont, IL
Summary:
We are seeking a seasoned, self-motivated, hands-on cybersecurity leader to serve as the technical anchor of our global security program. Reporting directly to the Global CISO, you will own the architecture and day-to-day operation of our core security capabilities—SaaS and data security posture management, vulnerability management, SIEM, and SOC operations—across a complex, global environment.
This is a player-coach role for someone who wants both strategic influence and technical depth: you will design the architecture, then roll up your sleeves to build, tune, and run it. You will also play a key role in maturing our security controls, evidence, and audit readiness.
Responsibilities:
-
Security architecture: Define and maintain the enterprise security architecture and reference patterns across cloud, SaaS, network, endpoint, and identity domains.
-
SSPM: Deploy, operate, and continuously tune our SSPM platform; drive remediation of SaaS misconfigurations, risky integrations, and identity/permission sprawl across the global SaaS estate.
-
DSPM: Lead DSPM implementation and operations—discover, classify, and protect sensitive data across cloud and on-premises stores; partner with privacy and legal on data governance.
-
Vulnerability management: Own the end-to-end vulnerability management lifecycle: scanning coverage, risk-based prioritization, remediation SLAs, exception handling, and executive reporting across global infrastructure and applications.
-
SIEM: Administer and optimize the SIEM platform—log source onboarding, parsing, detection engineering, use-case development, and cost/ingestion management.
-
SOC operations: Run day-to-day SOC operations, including oversight of MSSP/MDR partners; mature triage, escalation, and incident response playbooks; lead and coordinate response to security incidents across time zones.
-
Audit and Compliance: Strengthen controls, documentation, and evidence to support SOX ITGC and internal/external audits; conduct application and technology security assessments to evaluate risk and ensure compliance with security standards.
-
Threat-informed defense: Track threat actor activity relevant to our industry and translate it into detections, hardening priorities, and leadership briefings.
-
Global collaboration & mentorship: Partner with IT, infrastructure, application, and business teams across regions; mentor analysts and engineers and raise the technical bar of the broader team.
-
Tooling & automation: Evaluate, select, and integrate security tooling; manage vendor relationships and drive consolidation and automation where it adds value.
Requirements:
- 6+ years of progressive, hands-on experience in cybersecurity engineering, architecture, and/or security operations.
- Deep, practitioner-level experience with SSPM and DSPM platforms (e.g., deploying, operating, and driving remediation at scale).
- Proven ownership of an enterprise vulnerability management program, including risk-based prioritization and remediation governance.
- Hands-on experience administering a SIEM (e.g., detection engineering, log onboarding, tuning) and managing or overseeing a SOC, including MSSP/MDR relationships.
- Strong working knowledge of cloud security (AWS, Azure, and/or GCP), identity and access management, and SaaS ecosystems (e.g., M365, Salesforce, Workday).
- Experience operating in a global, multi-region environment with distributed teams and follow-the-sun coordination.
- Excellent communication skills—able to brief executives, write clear standards, and influence engineers without direct authority.
- Self-starter who operates with minimal direction and drives initiatives from concept to steady-state operation.
Preferred Qualifications:
- Experience supporting SOX ITGC controls or operating in a public company environment.
- Familiarity with frameworks and regulations such as NIST CSF, ISO 27001, CIS Controls, GDPR, and PCI DSS.
- Scripting/automation skills (Python, PowerShell, APIs) and experience with SOAR platforms.
- Relevant certifications such as CISSP, CISM, GIAC (GCIA, GCIH, GDSA), or cloud security certifications (AWS/Azure security specialty, CCSP).
- Experience in manufacturing, consumer products, or other distributed-operations industries.
What Success Looks Like:
- SSPM and DSPM platforms are fully operational, with a measurable reduction in SaaS misconfigurations and unprotected sensitive data.
- Vulnerability management SLAs are defined, reported, and trending in the right direction across all regions.
- SIEM detection coverage mapped to MITRE ATT&CK with documented, tested response playbooks; SOC/MSSP performance metrics in place.
- Security controls and evidence ready to withstand internal and external audit scrutiny.
Work Arrangements:
This is a hybrid position based at our Rosemont, IL office, with three days per week onsite. Occasional travel and flexibility for calls across global time zones is expected.
Target Salary Range: $140,000 - $180,000 year plus bonus. Exact pay will be based on factors including, but not limited to relevant education, qualifications, experience, level, geographic location, and business and organizational needs. Full-time positions are eligible for competitive benefits, including: paid time off, health, dental, vision, life, disability benefits and 401(k).