Senior Manager of Cyber Security Operations

It's fun to work in a company where people truly believe in what they are doing. At Dutch Bros Coffee, we are more than just a coffee company. We are a fun-loving, mind-blowing company that makes a difference one cup at a time. 

Job Overview:

The Senior Manager of Cybersecurity Operations plays a crucial role in ensuring the protection and security of critical systems and sensitive information across the organization. Reporting to the Chief Information Security Officer (CISO), this role oversees key cybersecurity programs, including the Security Operations Center (SOC), Vulnerability Management, Data Loss Prevention (DLP), ensuring the confidentiality, integrity, and availability of critical assets. This role will be tasked with driving security strategies and initiatives while proactively addressing emerging cybersecurity risks. Strong technical expertise, leadership capabilities, and a proactive approach to challenges are essential for success in this role.

Job Qualifications:

• Bachelor’s degree (BA/BS) in a related discipline, or 4 additional years of related experience, required

• A minimum of 6 years of experience in infosec roles that provide a background in IT areas such as software development, infrastructure, operations, and incident response, is required

• A Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification, is preferred

• Proven experience managing a SOC and implementing vulnerability management, and DLP

• Strong knowledge of cybersecurity technologies, MDR, EDR, SIEM, SOAR, Vulnerability Management tools and best practices

• Thorough understanding of SOX, CCPA, PCI, NIST, and CIS18

• Previous experience in SaaS-heavy environments and vendor management

• Deep experience with risk management, threat modeling, and vulnerability assessment

• Can lead without authority. Ability to lead, mentor, and develop a high-performing cybersecurity team, fostering a collaborative and growth-oriented environment

• Expertise in managing high-pressure, time-sensitive incidents and making quick, informed decisions under stress

• In-depth knowledge of current and emerging cyber threats, with the ability to apply advanced detection methodologies to stay ahead of risks

• Familiarity with cloud security frameworks, controls, and best practices for securing cloud environments (e.g., AWS, Azure, Google Cloud)

Location Requirement:

This role is located in the Greater Phoenix area.  This position is required to be in office 4 days per week (Mon-Thurs); Fridays are optional remote work days.

Key Result Areas (KRAs):

Develop and manage critical security programs by implementing best practices throughout the various technologies across Dutch Bros to identify and reduce risk to acceptable levels:

• Design workflow and processes for Security Operations Center (SOC):

  • Manage and optimize the day-to-day operations and tools of the SOC, ensuring effective monitoring, detection, and response to security incidents.

  • Develop and implement SOC processes and procedures to improve efficiency and effectiveness with increased focus on new capabilities and advanced threat detection.

• Incident Response:

  • Oversee the incident response process, ensuring rapid identification, containment, eradication, and recovery from security incidents.

  • Conduct post-incident reviews and implement lessons learned to enhance security measures.

  • Partners with IT and GRC teams to maintain readiness, incident response plans, to include building playbooks and conducting simulations ensuring preparedness across the organization.

• Vulnerability Management:

  • Lead the vulnerability management program, including vulnerability assessments, prioritization, and remediation strategies.

  • Collaborate with IT and development teams to ensure timely patching and vulnerability mitigation.

  • Establish metrics on the status of the program and inform leadership on areas for opportunity.

• Data Loss Prevention (DLP):

  • Oversee the DLP strategy, ensuring the protection of sensitive data across all platforms and preventing unauthorized access or data exfiltration.

  • Conduct regular audits and assessments to evaluate DLP effectiveness and compliance.

Drive infosec within Dutch Bros to align with cultural values while collaborating with other teams and vendors to deliver superior performance standards and policies for compliance:

• Develop programs and awareness to improve CCPA, GDPR, PCI, and SOX processes. 

• Act as the ambassador for the third-party risk program, integrating departments into the evaluation and decision-making processes.

• Partner with Legal to align contractual language with any inherent risk.

• Foster a culture of Privacy by Design.

• Map regulated data lifecycle from collection to destruction.

• Ensure appropriate protections and controls are in place for data elements.

• Determine appropriate tools to automate and streamline processes where possible.

• Collaborate with other departments to identify and reduce risk while ensuring company practices are in compliance where relevant. 

Support the growth of the infosec team while operationalizing cybersecurity initiatives to highlight improvements in posture:

• Evangelize scorecards against NIST and CIS standards to track the improvement of security across programs.

• Foster team mentality centered around business benefits from security initiatives. 

• Actively participate in hiring processes and onboarding of new employees and vendors.

• Plan, assign and support workloads for direct reports.

• Grow and mentor security talent.

• Set reasonable stretch performance goals, provide balanced, regular performance feedback, and conduct tri-annual performance reviews.

• Recognize and reward performance excellence.

• Provide leadership, direction, and training to improve information security awareness.

• Other duties as assigned

Skills:

• Change Management 

• Project Management 

• Business Plan Development

• Using data to make decisions 

• Communication

• Critical Problem Solving

• Delegation

Physical Requirements:

• In-Office Environment: Must be able to work in a busy, crowded, and loud office with frequent distractions and interruptions

• Must be able to collaborate in-person with occasional impromptu in-person meetings 

• Office Conditions: Adaptability to typical office conditions, which may include exposure to air conditioning, heating, artificial lighting, and varying noise levels

• Mobility: Ability to sit, stand, reach, twist, stretch, and work at a desk for long stretches.  Must be able to occasionally move or lift office items up to 25 pounds

• Hearing Requirements: Hearing must be sufficient or correctable to ensure clear understanding of spoken information, including participating in virtual meetings and phone calls. Use of hearing aids or other assistive devices is acceptable if needed.

• Reading and Writing Proficiency: Ability to read and write in English is essential for processing documents, drafting reports, and following up on necessary actions. Proficiency in written communication is required to handle job-related tasks effectively.

• Vision Requirements: Vision must be adequate or correctable to perform essential job duties, such as reading documents on a computer screen and using other visual tools. Use of corrective lenses or other measures to meet visual requirements is expected if needed.

• Technology Proficiency: Must be proficient in operating a computer and other office productivity tools such as printers, scanners, and collaboration software. 

• Effective Communication: Must possess strong verbal and written communication skills to interact effectively with team members, clients, and other stakeholders via email, video conferencing, and other in office communication tools.

Compensation:

$172,897.75 - DOE

If you like wild growth and working in a unique and fun environment, surrounded by positive community, you'll enjoy your career with us!