• Manager, Security Operations

    SpartanNash (Byron Center, MI)


    At SpartanNash, we deliver the ingredients for a better life through customer-focused innovation. We do this for our supply chain customers and U.S. military commissaries, retail store guests and, most importantly, our Associates. In fact, we see a day when each will say, **_“I can’t live without them.”_**

     

    Our SpartanNash family of Associates is 20,000 strong, ranging from bakery managers to order selectors; from IT developers to vice presidents of finance; from HR Business Partners to export specialists. Each of them plays an integral role in SpartanNash’s **People First** culture, Operational Excellence and Insights that Drive Solutions. Ready to contribute to the success of our food solutions company? Apply now!

    Location:

    850 76th Street S.W. - Byron Center, Michigan 49315

    Job Description:

    Position Summary:

    The Manager, Security Operations is responsible for maintaining and advancing the enterprise-wide information security operations program to ensure that data, information assets and critical infrastructure are adequately protected. This position supports strategic direction, policy and provides standard development and process mapping for Information Security, leveraging quality and risk as key components to the overall program.

    Here’s what you’ll do:

    + Development and implementation of a strong Information Security practice at SpartanNash

    + Oversight of the confidentiality, integrity, and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories

    + Day-to-day management of Information Security Operations

    + Management of Security Operations activities and personnel

    + Oversee security monitoring practice and analysis of security alerts

    + Supervise all investigations and provide on-going communication with stakeholders and senior management

    + Lead and support the design and execution of vulnerability assessments, penetration tests, and security audits

    + Act as a point of escalation for the team and collaborate with enterprise teams in the event of an incident

    + Handle and escalate security incidents as defined in the incident response procedures

    + Facilitate and participate in eDiscovery and forensic investigations with outsourced vendors

    + Prepare reports and necessary documentation for leadership to detail security evaluations and incidents

    + Establish Information Security processes for the team

    + Oversee the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents

    + Ensure that projects are completed on time and within allocated budget

    + Supervise, mentor, and train team members to ensure that job requirements are being properly meet and completed on time

    + Delegate work assignments and coach team members to ensure systems are implemented according to specifications and standards

    + Design and deploy information security awareness training for all coworkers to ensure consistently high levels of compliance with SpartanNash’s Information Security Program

    + Establish, document, and enforce SpartanNash’s Information Security Policy

    + Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new vulnerabilities, attacks and threat vectors

    + Partner with IT leaders to instill Information Security industry best practices across IT including development, third-party software support, database administration, enterprise architecture. This position will work with the following tools and technologies: Rapid7, Microsoft O365 Security solutions, Microsoft Azure Cloud Security, Palo Alto Networks Firewalls, Security Orchestration and Automation Tools, Fireeye Helix, Zscaler, Infoblox, MS Project, Penetratin Testing using Kali Linux, F5, and Endpoint Security Technologies. Provide supervision to Analyst III, IT Security, Specialist Security Engineer and Security Engineer.

    + Additional responsibilities may be assigned as needed.

    Here’s what you’ll need:

    + Bachelor's Degree (Required) in Computer Science, Computer Information Systems or related field or equivalent combination of education and/or experience.

    + 5+ years related experience.

    + Must also have 12 months of experience (which may have been gained concurrently) with each of the following:

    + Day-to-day management of Information Security Operations;

    + Facilitate and participate in eDiscovery and forensic investigations with outsourced vendors;

    + Prepare reports and necessary documentation for leadership to detail security evaluations and incidents;

    + Oversee the deployment, integration, and initial configuration of all new security solutions and any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents; and

    + Working with the following tools and technologies: Rapid7, Microsoft O365 Security solutions, Microsoft Azure Cloud Security, Palo Alto Networks Firewalls, Security Orchestration and Automation Tools, Fireeye Helix, Zscaler, Infoblox, MS Project, Penetratin Testing using Kali Linux, F5, and Endpoint Security Technologies.

    + Demonstrated knowledge of operating systems, communications protocols, and security concepts, best practices and procedures. In-depth knowledge of compliance regulations (i.e., SOX, PCI, and HIPAA) required.

    + Must have knowledge of data network concepts, protocols, practices, and procedures, and strong knowledge of network management and security.

    + Experience with security subsystems (e.g.,firewalls, VPN servers. IDS/IPS, etc.).

    + Must have working knowledge of all IT security areas (e.g.,servers, desktops, voice, Internet, and web technologies, etc.) and experience in administration and configuration of log management tools/SIEM.

    + Strong working knowledge of PC, server and network technologies.

    + Excellent written and verbal communications skills; ability to communicate IT related information in a non-technical manner.

    + Excellent analytical, problem solving, troubleshooting, decision-making and project management skills.

    + Excellent organization, prioritization and attention to detail skills.

    + Ability to lead projects and provide work direction to others.

    Physical Requirements:

    The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

     

    May be required to lift and/or move 20 pounds. The associate is frequently required to sit/stand/walk. While performing the duties of this position, the associate is subject to a typical office environment and is rarely exposed to outside weather conditions. Temperatures may vary for those subject to any of the following areas: computer/server room, print shop, production area). The noise level in the work environment is usually low to moderate but may be high in distribution settings. Travel requirements vary by assignment.

     

    As part of our **People First** culture, SpartanNash is proud to offer a robust and competitive Total Rewards benefits package (https://careers.spartannash.com/why-work-here/benefits/) .

     

    SpartanNash is an Equal Opportunity Employer that invests in Associate development, recognizes and celebrates success, fosters two-way communication, and promotes a sense of belonging. We are committed to providing equal employment opportunities to all individuals, including those with disabilities and Veterans.

     

    We are not able to sponsor work visas for this position.

     

    SpartanNash (Nasdaq: SPTN) is a food solutions company that delivers the ingredients for a better life. Committed to fostering a** **People First** **culture, the SpartanNash family of Associates is 20,000 strong. SpartanNash operates two complementary business segments – food wholesale and grocery retail. Its global supply chain network serves wholesale customers that include independent and chain grocers, national retail brands, e-commerce platforms, and U.S. military commissaries and exchanges. The Company distributes products for every aisle in the grocery store, from fresh produce to household goods to its OwnBrands, which include the Our Family® portfolio of products. On the retail side, SpartanNash operates nearly 200 brick-and-mortar grocery stores, primarily under the banners of Family Fare, Martin’s Super Markets and D&W Fresh Market, in addition to dozens of pharmacies and fuel centers with convenience stores. Leveraging insights and solutions across its segments, SpartanNash offers a full suite of support services for independent grocers. For more information, visit** **spartannash.com** **.

     

    Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by state or federal law. Reasonable accommodations may be made to enable individuals with disabilities to perform essential job functions. If you require assistance or an accommodation of any kind to complete an application, please contact us at [email protected].