Manager of Cloud Security

Who We Are

For over 20 years, SPINS has been a leader in recognizing the transformative power of data in retail. We offer our clients cutting-edge tools to attract attention from a fast-growing segment within the Health & Wellness industry, the values-based consumer. Nearly half of shoppers prioritize products that emphasize wellness, social responsibility, and sustainable practices. SPINS retail consumer insights, analytics, and consulting services give our clients a competitive advantage to increase their share of this growing market. Our data is the most comprehensive and accurate in the industry, allowing clients to power AI models and machine learning algorithms that help them better understand and meet their customers' needs. At SPINS, behind all of our impressive data is our real differentiator, our people. We pride ourselves on our collaborative, flexible, and communicative culture that puts people at the center of everything we do.

SPINS is hiring a Manager of Cloud Security to the Cloud Security Team who will play a pivotal role in cloud security activities, ensuring the availability, integrity, and confidentiality of customer, business partner, and employee data in line with the organization's information security policies. This role involves managing the day-to-day implementation of security best practices aligned with CIS, SOC, and ISO 27001, as well as identifying potential security risks. The Manager of Cloud Security will work closely with the team to maintain our cloud security management program, ensuring that our cloud security assets remain robustly protected. The person in this position should have a passion for the protection of customer data, consumer data, and cyber security. 

This highly specialized team is wholly committed to enhancing Cloud Security practices at SPINS. As part of our dedicated SecOps team, our primary focus is fortifying security protocols within our AWS, GCP, and Azure environments. We achieve this through seamless collaboration with both Engineering and Platform Engineering teams, fostering a unified approach to safeguarding our systems. Our team's diverse responsibilities span the spectrum of security, encompassing the entire lifecycle from crafting robust security procedures to expertly implementing them across our extensive SPINS systems landscape.

 What you will do:

• Design, implement and support the strategy for our Cloud Security Solutions 
• Actively collaborate actively across departments on the development, deployment, and supporting services 
• Evaluate our current Cloud Security posture across multiple platforms 
• Analyze, Recommend and Validate Security controls and improvements across our infrastructure stack 
• Collaborate with key external stakeholders such as customers and auditors 
• Establish time and Produce data-driven reports on technology risk for senior management’s review and action
• Champion and Drive continuous improvement in the tech stack 
• Lead a team of security engineers focused on Cloud Security 
• Oversee budgeting and forecasting for security tooling, services, and resources 

 Additional Responsibilities: 

• Identify and implement Cloud Security controls encompassing operational and governance aspects of the business 
• Interface collaboratively with SPINS DevOps teams, business, and Application Operations teams to incorporate security into proposed cloud solutions 
• Develop and establish strategies for managing multiple platforms (AWS, Azure, GCP) and accounts 
• Validate identity federation strategies for staff and mobile endpoints using enterprise, web, or third-party identity providers
• Establish IAM policies to secure roles, groups, users, and data security within cloud environments 
• Validate best-fit services and security architecture for efficient cloud resource usage and data flow management
• Lead process and procedure documentation for data retention, resource lifecycles, configuration management, and disaster recovery 
• Understand various network security topologies including Virtual Network, subnets, security groups, and more 
• Identify efficient logging and alerting procedures for cloud monitoring and incident response 

 What you bring: 

• 5+ years of experience in security engineering and 2+ years of experience managing teams  
• Demonstrated expertise in GCP, AWS, and Azure Cloud Infrastructures 
• Comprehensive understanding of best practices for secure Cloud-based Infrastructure 
• In-depth knowledge of containerization, orchestration, and cloud scale solutions 
• Proficiency in cloud security technology like Splunk, CloudStrike, or Laceworks 
• Enthusiasm for automation, scalable, and reproducible security practices 
• Ability to effectively manage multiple priorities and make decisions on the go 
• Experience with application security standards like OWASP and secure coding practices 
• Familiarity with data analytics and insights
• Understanding of standards such as SOC, ISO 27001/27002, and the NIST Cybersecurity Framework 
• Ability to negotiate and manage challenging situations to advocate for and influence roadmaps for security policies 

Qualifications 

• Bachelor's degree in computer science or related fields required; Master's degree is a plus 
• Strong project management skills 
• Excellent written and verbal communication skills 
• Experience with GRC (Governance Risk Compliance) is beneficial 
• Security certification(s) or membership in Information Security Organizations (e.g., SANS, ISC2, ISACA) are a plus 

#LI-RD1 #LI-Hybrid

What SPINS Offers

We have enjoyed tremendous growth over the years and, as a leader in a fast-growing industry, we have no plans to slow down!  While all that growth brings excitement, it is also an opportunity for SPINS to show it values the health and wellness of its team members. Whether you are based at our Chicago headquarters or remote, we continue to stay true to SPINS:

• We embrace hybrid and remote work options so that you have the flexibility to create a work/life balance that actually works!
• Virtual yoga, HIIT, meditation classes, and “team SPINS” Peloton rides
• Each employee is allotted paid time to use to volunteer with an organization of their choice and charitable donations are matched.
• CEO Connect, a monthly informal small group Q&A session with our top leader 
• Semi-annual company-wide survey that is used to shape company programs, perks, and culture.

  The SPINS Way

• Direct – We communicate with clarity, honesty and respect in all situations and embrace opportunities to provide solution-oriented feedback.
• Determined – We are committed to overcoming all obstacles to achieve results. We adapt to change, seek opportunities to learn and rapidly translate that learning into action.
• Passionate – We go above and beyond to help our partners achieve their goals. We challenge assumptions and are comfortable forging new paths.
• Collaborative – We leave our egos at the door, believing that working together we will produce an outcome that’s greater than each individual contribution.

For details about the information SPINS’s collects about our applicants and how we use it, please see the SPINS Privacy Policy here.