Manager, Information Security

Chewy Boston , MA 02298

Posted 2 months ago

Our Opportunity:

We are seeking a highly motivated Manager, Information Security to join our Information Security Team based in Dania Beach, FL. The ideal candidate will be responsible for the implementation and maintenance of the enterprise-wide information security program, and ensuring that all information assets are adequately protected. The InfoSec Manager will also direct the implementation and monitoring of information security standards and policies. Additionally, they will be responsible for identifying, evaluating, reporting on, and mitigating cybersecurity risk to information assets as well as leading the Security Incident Response through the 24/7 Chewy Security Operations Center.

This role will require an individual with a strong technical background, as well as an ability to work with the IT organization and business management to align priorities with key business objectives. In addition to implementing security policies, the InfoSec Manager must be able to prioritize work efforts - balancing operational tasks with longer-term strategic security efforts.

The InfoSec Manager must have proven leadership and team-building skills to continue the explosive growth of the Chewy security team. Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirements of this position.

What You'll Do:

  • Oversee and continuously improve the security incident response process.

  • Oversee and continuously improve the 24/7 Security Operations Center and all related processes and runbooks.

  • Oversee and continuously improve the Enterprise firewall administration process.

  • Oversee and guide the design, implementation, and support of information security solutions.

  • Work with the team on a wide range of security tools, methodologies, and standards.

  • Perform security assessments and review of networking infrastructure and implementation of new security-based technologies.

  • Ensure that the security infrastructure is maintained to the highest standards of change management.

  • Interface with members of the entire IT organization and business to manage security vulnerabilities and drive priorities.

  • Participate in 24/7 support and on-call rotation, including incident management duties related to security incidents.

  • Build out security monitoring and SIEM infrastructure and processes to proactively detect security attacks and reduce time to mitigate.

  • Vendor relationship management, ensuring that service levels and vendor obligations are met .

  • Continuously improve the support for other IT teams in malware remediation, mitigation of network and web-based attacks, and implementing proactive security controls into systems.

  • Oversee the management of the IPS/IDS and firewall infrastructure for both on-prem and cloud environments

What You'll Need:

  • Proven Security Incident Handling u0026amp; Response experience.

  • Experience in leading and continuously improving a 24/7 security operation leveraging both in house and external vendor resources.

  • Security industry certifications (CISSP, SANS or others).

  • Proven experience in security leadership and building elite enterprise and network security teams.

  • Strong security background and hands on experience with NGFW firewalls, IPS, WAF, DLP, and other network-based security technologies is greatly preferred.

  • Strong understanding of TCP/IP and other networking principles.

  • Proven knowledge and understanding on how to secure key IT technologies including Windows, Linux, Databases, Web Servers, Load Balancing and others.

  • Strong experience with securing e-commerce applications and supporting infrastructure.

  • Strong understanding of SOX u0026amp; PCI requirements and implementing data privacy controls.

  • Experience with endpoint forensics, malware remediation, and advanced attack detection.

  • Ability to generate security metrics and reporting on incidents and effectiveness of controls.

  • A minimum of 3 years' hands on experience with SIEM technologies or security event management platforms.

  • Strong understanding of vulnerability management and implementing risk reduction plans.

  • Experience with DDoS mitigation and preventing Layer-7 Web based attacks.

  • Able to prioritize and execute tasks in a high-pressure environment.

  • Experience working in a team-oriented, collaborative environment.

  • Position may require travel

If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at our company, please contact

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Compliance And Information Security Manager


Posted 1 week ago

VIEW JOBS 5/21/2020 12:00:00 AM 2020-08-19T00:00 Who You Are As our Compliance and Information Security Manager, you will be a key member of the Global Compliance and Information Security team who is responsible for C Space's global compliance, privacy, and information security. You will collaborate closely with Senior Management, Sales, Technology, Product teams and other internal and external stakeholders. What You'll Do * Be an advocate for all company compliance and security related issues, including the planning and development of the compliance, privacy and information security strategy and plans and their effectiveness, in support of the company's mission and strategic plan * Work with key business and IT leaders to develop policies, standards, guidelines, and procedures to ensure the confidentiality, integrity, and availability (CIA) of the company's systems and data * Provide leadership and direction during incident response, investigations, and reporting * Maintain and implement risk management programs and strategies and conduct internal risk assessments to validate compliance and manage risk assessment of current and new technologies and processes and implement strategies to mitigate prioritized risks * Manage external compliance, privacy, and security, assessments and audits and coordinate with the appropriate entities or authorities * Review contracts and assist in relevant compliance, privacy, and security negotiation during contracting phase * Build and maintain relationship with client contacts including drug safety and quality departments * Manage and help nurture a growing team Desired Skills and Experience * Minimum of 3+ experience in a risk management, information security, privacy, and/or compliance role * Experience in developing, reviewing, and implementing relevant policies and procedures and programs that meet compliance, privacy, and security requirements * CISA Certification * Knowledge and understanding of relevant regulations and standards such as GDPR, CCPA, HIPAA, SOX, MA 201 CMR 17, ISO/IEC 27001/2 and NIST, and sound knowledge of information security management systems (ISMS) * Knowledge of information security processes such as Change Management, SDLC, DRP, BCP, and IRP and experience in managing compliance, privacy incidents and participating in Security Incident Response Team (SIRT) activation in the course of a rapidly evolving incident is a plus * Excellent analytical skills and demonstrated experience in communicating effectively in written and spoken form to broad internal and external entities * Keen ability to manage multiple projects under strict timelines, with exceptional attention to detail * Self-starter and able to work both independently and in a team setting * Maintain a positive attitude, strong work ethic and a focus on creative problem-solving * Superior management skills * Proficient in MS Office, with emphasis on Outlook, Word and Excel required There's no such thing as a typical C Spacer. What C Spacers thrive on is a growth mindset. We're a growing, always-changing business, often reinventing ourselves to keep pace with the fast-changing world of our clients. So we're looking for people who are excited about change and who challenge the status quo. We need people who share our passion for the role customers can play in solving business problems - people who want to disrupt the way things traditionally have been done. We're focused on building a learning culture where it's safe to experiment, take risks and do things differently. That means we need people who aren't afraid to speak up and share an alternative perspective yet are humble and self-aware enough to admit they don't know everything. Collaborators, self-starters, creative problem-solvers. We're always challenging ourselves to be better, more human, more impactful. 20 years since launch, we still think of our business as a 'work in progress' where we're focused on getting better every day. If you share that philosophy when you think about your own personal development, we might be a good match. About C Space Our clients call us their customer agency. Our mission is to make business more human. We create rapid insight and business change, putting customers at the heart of companies and solving problems from the customer's perspective. We keep our clients relevant by building real, ongoing relationships with customers that in turn help them deliver superior experiences, launch successful products and build loyalty. Our customized approaches are tailored to specific business needs and include online insight communities, immersive storytelling, data and analytics, activation events, innovation projects and business consulting. We do this for many of the world's best-known brands - like Bose, Walmart, Jaguar Land Rover, Mars, Samsung, IKEA and more - to create "Customer Inspired Growth". We are passionate about our people and proud of our culture. We co-created a set of values to ensure that we are delivering fantastic work, continuing to learn and developing and building a high-performance culture which creates opportunities for those who work here: * I've got this: taking responsibility, doing what we say we will * Only accept awesome: delivering high quality work that we are proud of and has impact * Show the love: celebrating successes and ensuring everyone has a voice * Do what scares you: challenging ourselves, taking risks and learning more * Tell it like it is: being honest and freeing ourselves from "office politics" and "hidden agendas" * Open up and listen: listening first and fully before we respond or react * Find what fascinates: being passionate about the world and our clients' worlds * We before me: putting the team first * Leave your mark: everyone has an opportunity drive change in our business and for our clients Interested? We look forward to receiving applications from people with diverse backgrounds - talented, creative people with their own voice, ideas and perspectives. To learn more, visit or follow us on Twitter @CSpaceGlobal and Instagram @c_spaceglobal. C Space is a part of DDB, a division of Omnicom Group Inc. Headquartered in Boston, C Space also has offices in New York, San Francisco and London. C Space is proud to be an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment at C Space without regard to race; creed; color; religion; national origin; sex; age; disability; sexual orientation; gender identity or expression; genetic predisposition or carrier status; veteran, marital, or citizenship status; or any other status protected by law. Communispace Boston MA

Manager, Information Security