Sr. Cybersecurity Engineering and Operations Manager (HYBRID)

McCormick & Company
On-site
Hunt Valley, Maryland, United States
Cyber Security

McCormick & Company, Inc., a global leader in the spice, flavor, and seasonings industry, is seeking a full-time Sr. Cybersecurity Engineering and Operations Manager. This new hire will work at our Global Headquarters, located in Hunt Valley, MD.

 

McCormick & Company, Incorporated is a global leader in flavor with approximately 13,000 employees worldwide. As a Fortune 500 company with over $5 billion in annual sales across 160 countries and territories, we manufacture, market, and distribute spices, seasoning mixes, condiments, and other flavorful products to the entire food industry including e-commerce, retail, food manufacturers and foodservice businesses. Our most popular brands include McCormick, French's, Frank's RedHot, Stubb's, OLD BAY, Lawry's, Zatarain's, Ducros, Vahiné, Cholula, Schwartz, Kamis, DaQiao, Club House, Aeroplane, and Gourmet Garden. Every day, no matter where or what you eat or drink, you can enjoy food flavored by McCormick. Our Purpose is "To Stand Together for the Future of Flavor" and our Vision is "A World United by Flavor—where healthy, sustainable and delicious go hand in hand."

 

As a company recognized for its exceptional commitment to employees, McCormick offers a wide variety of benefits, programs, and services. Benefits include, but are not limited to, tuition assistance, medical, dental, vision, disability, group life insurance, 401(k), profit sharing, paid holidays, and vacations.

POSITION OVERVIEW:

 

Leads a global team of network security, cloud security, OT security and application security engineering and operations functions. Aligns with defined policies and standards to ensure McCormick’s digital asset protection globally. Responsible for the creation, tracking and trending of performance metrics of the services delivered under their remit as directed by the Director of Cybersecurity Architecture and Engineering. The Cybersecurity Senior Manager ensures the security and availability of McCormick's information assets and IT services through leadership of one or more core functions of the NIST Cybersecurity Framework including Identify, Protect, Detect, Respond and Recover. Requiring a high degree of technical expertise and the ability to effectively assess cyber threats and risks both at a technical level and at an enterprise level, the Sr Manager makes timely decisions regarding the prioritization of cybersecurity capability investments and the selection, design and implementation of business appropriate, highly complex technology solutions and controls. Decisiveness is required on a regular basis, many times under highly stressful conditions, to effectively respond to rapidly changing external conditions that could quickly threaten McCormick's ability to conduct business. The nature of cyberthreats could cause an enterprise-jeopardizing situation to manifest itself within a matter of minutes or hours with no advance warning. In several cases each year, this level of rapid decision-making ability is required during situations where McCormick's information assets, IT services and networks are under active attack by malicious cyber threat actors and hackers. The Sr Manager must establish and execute against a strategic plan that achieves the optimal balance of Identifying, Protecting, Detecting, Responding and Recovering with regard to McCormick's information assets and IT services.
This position is responsible for the direct management of a global team including highly technical internal resources and third parties.

 

RESPONSIBILITIES:

Operations - ITSM, Security IR & On-Call

  • Manage the technical and functional delivery of Security Services according to established ITSM SLAs, processes, and practices.
  • Manage team resources to provide 24x7 support for priority incidents and projects that may require after hours work. Provide an escalation point for critical and urgent items and redirect or engage others as needed for proper resolution or hand-off.
  • Review, assess and approve change management requests presented by the team and interact with IT and business teams to ensure alignment on risk, impacts and communications as necessary.
  • Prepare for and respond to cybersecurity incidents, including CSIRT leadership and membership, preparation and conduct of tabletop exercises, and CSIRP development and playbook improvement.

Projects & Delivery

  • Sponsor, lead, resource manage and at times project manage IT/Security projects.
  • Provide reasonable estimates and forecasts of project resources, infrastructure and/or services as needed to address demands and requirements.
  • Cost effective and timely engineering, design, build and delivery, including the oversight and management of external parties performing this function.

Threat/Risk

  • Evaluation of threats both internal and external and comparing to internal capabilities resulting in the ultimate assessment of risk. Identification of appropriate mitigating and compensating controls and the development of high-level plans to implement selected controls.
  • Identify risks, both operational and security, during day-to-day activities and during specific, targeted efforts or audits. Make recommendations and/or take action to mitigate these risks as appropriate.

Compliance

  • Regularly review and actively execute security technologies, infrastructure, systems and processes to ensure compliance with security requirements and that separation of duties and other best practices are being followed, and where necessary, resolve and/or escalate inconsistencies and issues.
  • Maintain, review and certify any IT and SOX controls as assigned.

Strategy

  • Development and maintenance of IT Security strategic plan and roadmap to include new solutions/capabilities and solution life cycle events aligned to IT and IT Security vision, program maturity and objectives.
  • Prepare project proposals and contribute to the overall IT Security portfolio and programs.

Team/Personal Management & Development

  • Work within McCormick people management systems and processes to manage employees, including performance management/goals and personnel development.
  • Develop and maintain security relevant skills and knowledge, both technical and non-technical, through training, certifications, and other means for oneself and their team. Work with individuals to prepare development plans and facilitate as necessary for completion.
  • Maintain up-to-date knowledge by researching new technologies and software products, participating in educational opportunities and conferences, and reading professional publications.

Planning

  • Define, plan and maintain application/system configuration lifecycles. Provide sizing and budget estimations to align with life cycle/renewal schedules.
  • Execute approved plans to budget.   

Capabilities, Solutions and Systems Development

  • Serve as a subject matter expert to the business stakeholders, understanding their core business processes and business priorities which can be enhanced using technology solutions.
  • Identification of the policies, standards and controls required to effectively manage the access to the Company’s information assets and IT Services.
  • Vendor evaluation and selection and development of strategic alliances with 3rd parties.   10%

 

 

REQUIRED QUALIFICATIONS:

  • Bachelor's degree in Information Technology, Computer Science or relevant field.
  • Certified Information Systems Security Professional (CISSP) and at least two of the preferred qualifications or equivalent certifications.
  • 10+ years of experience in information technology with increasing responsibility, with 5+ years recently in a network-based security function. 8+ years of proven leadership experience, with 6+ years of experience managing large cross-functional teams, with responsibilities including resource planning and prioritization, performance management and talent development.
  • Experience with architecture and implementations of IT/IT Security solutions.
  • Proven ability to drive security processes, remediation, and standards within a complex business environment while maintaining continuity of business operations.
  • Comprehensive technical knowledge of all areas within IT plus a comprehensive understanding of all business functions and how their processes and resources interact is required.
  • A strong understanding of the CPG and Food Manufacturing industries and commercial awareness is required to understand the relative positioning of the company’s products and services versus the competition and to gain an understanding of the Corporation's tolerance for risk.
  • Broad and comprehensive knowledge of cybersecurity capabilities is required.

 

PREFERRED QUALIFICATIONS:

  • MBA or Master's in Computer Science, Information Governance, Engineering, Business Management or related field
  • Certified Identity and Access Manager (CIAM), Certified Identity Management Professional (CIMP), Certified Ethical Hacker (CEH), Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), Certified Information Professional (CIP), CompTIA Security+, SANS GIAC Security Essentials, Certified in Risk and Information Systems Control (CRISC), Cloud Certification (AWS, GCP, Azure), Certificate of Cloud Security Knowledge (CCSK), Offensive Security Certified Professional (OSCP), ITIL, or other relevant security certification
  • 3+ years of public cloud IaaS experience (Azure, GCP and/or AWS)

 

 

McCormick & Company is an equal opportunity/affirmative action employer.  All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.

 

As a general policy, McCormick does not offer employment visa sponsorships upon hire or in the future.