Overview
USD 170,000.00 - 200,000.00 per year
Full Time
Skills
IT Security
SAFE
Professional Services
Information Technology
Security Engineering
Directory Services
FOCUS
Vulnerability Scanning
Mentorship
Service Level
Training
Leadership
Real-time
Continuous Improvement
Law Enforcement
Insurance
Public Relations
Crisis Management
Information Security
Software Architecture
Law
Collaboration
Teamwork
Penetration Testing
Network Design
Web Applications
Data Security
Communication
Report Writing
Publishing
Forensics
Electronic Discovery
Legal
Incident Management
Microsoft PowerPoint
Microsoft Excel
Microsoft Visio
Microsoft
Fortinet
Virtual Private Network
Firewall
IDS
IPS
Vulnerability Management
SIEM
Cisco
Computer Networking
Cloud Computing
IaaS
PaaS
Access Control
Endpoint Protection
Contract Management
Negotiations
Service Level Management
Vendor Relationships
Microsoft Exchange
Reporting
Privacy
Analytical Skill
Problem Solving
Conflict Resolution
Organizational Structure
MBA
Data Loss Prevention
Acquisition
Management
Security Operations
Information Systems
CISSP
GCIH
GCFA
Network
Distribution
Health Care
Job Details
Job Description
We Deliver the Goods:
Performance Food Group is looking for a talented Security Operations professional to lead PFG's Security Operations team. Reporting to the Chief Information Security Officer, this individual will oversee all aspects of PFG's security monitoring, detection, response, and vulnerability & exposure management disciplines. The leader will be responsible for directly managing a team of internal Security Operations team members and oversee various third party Managed Security Service and professional services providers, as well as leading matrixed and cross functional information technology and line of business delivery and incident specific response teams in readiness preparation and response to incidents. The successful candidate will have an insaciable passion for finding weaknesses in systems and monitoring for threats against them, keeping pace with and adapting to evolving threats, and leading PFG's response to anything that threatens company data and systems, as well as customer, vendor, and associate data.
Major Functional Responsibilities:
EEO Statement
Performance Food Group and/or its subsidiaries (individually or collectively, the "Company") provides equal employment opportunity (EEO) to all applicants and employees, regardless of race, color, national origin, sex, marital status, pregnancy, sexual orientation, gender identity, religion, age, disability, genetic information, veteran status, and any other characteristic protected by applicable local, state and federal laws and regulations. Please click on the following links to review: (1) our EEO Policy; (2) the "EEO is the Law" poster and supplement; and (3) the Pay Transparency Policy Statement.
Required Qualifications
Bachelor's degree
10 Years+ experience
Demonstrated experience and knowledge of leading Security Operations teams and managing major incidents, including those with ransomware and breached data
Strong teamwork and interpersonal skills
Hold relevant security certifications or willingness to pursue additional certifications
Continuous learning mindset
Experience with managing penetration testing engagements, compromise assessments including those against both network/infrastructure and web applications
Experience leading/managing vulnerability and exposure management capabilities and associated governance, including Working knowledge of privacy statutes including the European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)
Exemplary written and verbal communication skills, specifically the ability to train technical teams and line of business leaders on Security Incident Response Processes, brief stakeholders during incidents, and report writing/publishing.
Proficient in forensic investigation and analysis of computer based systems, eDiscovery, and legal/privacy aspects of security incident management Strong MS Office skills (specifically PowerPoint, Word, Excel, Project, Visio)
Experience with Microsoft Entra, Cisco/Fortinet Security Systems (VPN, Firewall, IDS/IPS) Defender EDR, Guardicore Workload Protection/Microsegmentation, Tenable Vulnerability Management, Elastic SIEM, Cisco Umbrella
Advanced knowledge of networking, cloud computing (IaaS/PaaS) security, access controls, endpoint security
Proficient in contract management, negotiation, SLA management, and vendor relationship management - Proficient in regulatory requirements and statutes associated with security incident and data breach disciplines, including but not limited to Security and Exchange Commission Cyber Incident Disclosure Rule, Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), California Privacy Rights Act (CPRA) Ability to work in a highly matrixed
Demonstrated high level of analytical and problem solving skills
Ability to influence cross functional stakeholders and work in highly matrixed organizational structure and federated governance
Preferred Qualifications
Masters/MBA
10 Years+ experience
Proficient in Data Classification and Data Loss Prevention technologies and processes
Familiarity with Mergers and Acquisition, specifically SecOps considerations related to pre-integration exposure management, deployment of security capabilities for visibility/protection pre-infrastructure integration, and delivery of security operations capabilities as part of wholistic IT integration playbook.
Preferred Professional Certification(s): Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH/CSIH), Certified Forensic Analyst (GCFA)
Preference given to candidates located in Richmond, VA Dallas, TX or Denver, CO
Company Description
Performance Food Group is a customer-centric foodservice distribution leader headquartered in Richmond, Va. Grounded by roots that date back to a grocery peddler in 1885, PFG has a nationwide network of approximately 150 distribution centers, 35,000-plus talented associates, and thousands of valued suppliers across the country. With the goal of helping customers thrive, PFG markets and delivers quality food and related products to independent and chain restaurants, schools, business and industry locations, convenience operations, healthcare facilities, vending distributors, office coffee service distributors, big box retailers, and theaters across the U.S.
We Deliver the Goods:
- Competitive pay and benefits, including Day 1 Health & Wellness Benefits, Employee Stock Purchase Plan, 401K Employer Matching, Education Assistance, Paid Time Off, and much more
- Growth opportunities performing essential work to support America's food distribution system
- Safe and inclusive working environment, including culture of rewards, recognition, and respect
Performance Food Group is looking for a talented Security Operations professional to lead PFG's Security Operations team. Reporting to the Chief Information Security Officer, this individual will oversee all aspects of PFG's security monitoring, detection, response, and vulnerability & exposure management disciplines. The leader will be responsible for directly managing a team of internal Security Operations team members and oversee various third party Managed Security Service and professional services providers, as well as leading matrixed and cross functional information technology and line of business delivery and incident specific response teams in readiness preparation and response to incidents. The successful candidate will have an insaciable passion for finding weaknesses in systems and monitoring for threats against them, keeping pace with and adapting to evolving threats, and leading PFG's response to anything that threatens company data and systems, as well as customer, vendor, and associate data.
Major Functional Responsibilities:
- Work with Security Engineering and Administration and Cloud Services Teams residing in PFG's Enterprise Technology Services department to oversee their implementation and management of security related capabilities; Access Control, Directory Services, NetSecOps - Firewall, IDS/IPS, Endpoint Protection, Email Threat Protection, Web Application Firewall, Microsegmentation/Workload Protection capabilities.
- Lead and directly manage PFG's Red Team and Blue Team units, which focus on offensive (e.g. penetration testing, vulnerability scanning) and defensive (monitoring, triage, response) security operations
- Manage and mentor and mentor internally staffed security analysts and oversee outsourced managed security service providers including 24/7 Security Operations Center Level 1 monitoring services, and provider's implementation, enhancement, and support of Security Incident and Event Mangement (SIEM) and Security Orchastration and Automated Response (SOAR) capabilities. Manage vendor relationships, contract, service level agreements, and reporting.
- Establish key metrics and reporting associated with Security Operations, including the definition of metrics, acceptance tolerances, and reporting/performance against established objectives Lead PFG's security education and awareness and insider threat programs, including computer based training, mock phishing, threat advisory communications disciplines
- Own, manage, and update PFG's Security Incident Response Plan and associated readiness of its application, developing and incorporating playbooks and runbooks for tactical, scenario specific security event and incident management. Facilitate directly or commission the execution of pre-incident readiness excercises, from tabletop excercises with technology teams and IT/business leadership, to purple team technical exercises that replicate real world attack scenarios and real time response.
- Oversee daily security event triage, serve as Major Incident Manager during notable incidents, and support workforce investigations attributed to HR, legal matters and violations of company polices. Ensure all notable security incidents follow security incident lifecycle stages, including post mortems, and inform needed continuous improvement in prevention, detection, and response capabilities
- Work with other external stakeholders and scenario specific participants to PFG's Security Incident Response plan, including law enforcement, retained Security Incident Response provider, cyber insurance carriers/brokers, legal, privacy, and public relations, crisis management, and forensics suppliers
- Maintains future Security Operations strategy, contributing as a component to PFG's rolling 3 year Information Security Strategy.
- Contributes to infrastructure and application architecture standards, and provides a feedback loop of needed improvements to SecOps team members, outsourced Managed Security Service Providers, infrastructure and application teams, that foster improvements in system vulnerabilities/exposure and PFG's ability to detect and respond to cyber threats.
- Performs other related duties as assigned.
EEO Statement
Performance Food Group and/or its subsidiaries (individually or collectively, the "Company") provides equal employment opportunity (EEO) to all applicants and employees, regardless of race, color, national origin, sex, marital status, pregnancy, sexual orientation, gender identity, religion, age, disability, genetic information, veteran status, and any other characteristic protected by applicable local, state and federal laws and regulations. Please click on the following links to review: (1) our EEO Policy; (2) the "EEO is the Law" poster and supplement; and (3) the Pay Transparency Policy Statement.
Required Qualifications
Bachelor's degree
10 Years+ experience
Demonstrated experience and knowledge of leading Security Operations teams and managing major incidents, including those with ransomware and breached data
Strong teamwork and interpersonal skills
Hold relevant security certifications or willingness to pursue additional certifications
Continuous learning mindset
Experience with managing penetration testing engagements, compromise assessments including those against both network/infrastructure and web applications
Experience leading/managing vulnerability and exposure management capabilities and associated governance, including Working knowledge of privacy statutes including the European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)
Exemplary written and verbal communication skills, specifically the ability to train technical teams and line of business leaders on Security Incident Response Processes, brief stakeholders during incidents, and report writing/publishing.
Proficient in forensic investigation and analysis of computer based systems, eDiscovery, and legal/privacy aspects of security incident management Strong MS Office skills (specifically PowerPoint, Word, Excel, Project, Visio)
Experience with Microsoft Entra, Cisco/Fortinet Security Systems (VPN, Firewall, IDS/IPS) Defender EDR, Guardicore Workload Protection/Microsegmentation, Tenable Vulnerability Management, Elastic SIEM, Cisco Umbrella
Advanced knowledge of networking, cloud computing (IaaS/PaaS) security, access controls, endpoint security
Proficient in contract management, negotiation, SLA management, and vendor relationship management - Proficient in regulatory requirements and statutes associated with security incident and data breach disciplines, including but not limited to Security and Exchange Commission Cyber Incident Disclosure Rule, Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), California Privacy Rights Act (CPRA) Ability to work in a highly matrixed
Demonstrated high level of analytical and problem solving skills
Ability to influence cross functional stakeholders and work in highly matrixed organizational structure and federated governance
Preferred Qualifications
Masters/MBA
10 Years+ experience
Proficient in Data Classification and Data Loss Prevention technologies and processes
Familiarity with Mergers and Acquisition, specifically SecOps considerations related to pre-integration exposure management, deployment of security capabilities for visibility/protection pre-infrastructure integration, and delivery of security operations capabilities as part of wholistic IT integration playbook.
Preferred Professional Certification(s): Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH/CSIH), Certified Forensic Analyst (GCFA)
Preference given to candidates located in Richmond, VA Dallas, TX or Denver, CO
Company Description
Performance Food Group is a customer-centric foodservice distribution leader headquartered in Richmond, Va. Grounded by roots that date back to a grocery peddler in 1885, PFG has a nationwide network of approximately 150 distribution centers, 35,000-plus talented associates, and thousands of valued suppliers across the country. With the goal of helping customers thrive, PFG markets and delivers quality food and related products to independent and chain restaurants, schools, business and industry locations, convenience operations, healthcare facilities, vending distributors, office coffee service distributors, big box retailers, and theaters across the U.S.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.