At Hy-Vee our people are our strength. We promise “a helpful smile in every aisle” and those smiles can only come from a workforce that is fully engaged and committed to supporting our customers and each other.

Job Description:

Job Profile: Director IT Security Engineering

Department: Information Technology

FLSA: Exempt

This is a critical leadership role responsible for guidance, definition, design, planning, and execution of enterprise-wide cybersecurity engineering initiatives to ensure the protection of the organization’s assets, data, and people. This role is also responsible for the oversight and guidance of day-to-day operations, including threat and vulnerability management, incident detection and response, and technical investigations. This role collaborates with other members of information security leadership to develop the vision and strategy for the program and is responsible for leading the engineering and operations team to execute upon that strategy. Through relationships with other IT and operational teams, this role works to influence the organization towards resiliency, privacy, and safety in our technology operations. This position is hybrid eligible and will require travel to the Helpful Smiles Technology center in Grimes, Iowa as required for this role.

PRIMARY RESPONSIBILITIES:

Work with information security leadership to develop and maintain a comprehensive vision and strategy for enterprise-wide security engineering initiatives to support the organization in effectively and securely meeting specific business technology needs.

Contribute to the development, implementation, and management of security policies, procedures, and technologies that ensure the protection of the organization's assets, data, and people.

Plan and direct the implementation and operation of technical security controls with a focus on effective risk management and compliance with industry guidance.

Manage relationships with vendors and managed service providers to ensure service level agreements are met and appropriate value is being recognized from those investments.

Provide oversight to IT colleagues, ensuring that technical systems and processes manage risk appropriately and in compliance with company policies and industry guidance.

Maintain and enhance cybersecurity tools and ensure full adoption and peak operational performance.

Provide technical leadership and management of security projects from conception through deployment and handover.

Provide technical expertise and guidance to the team to address complex security issues and threats.

Understand technical security issues and the implications to the organization and be able to communicate them to management and other business leaders.

Develop and maintain incident response plans and lead the organization's technical response to security incidents.

Establish and maintain stakeholder trust and confidence in the organization’s security posture by staying current with the latest security threats, trends, and technologies.

Identify and recommend to management opportunities to increase effectiveness of team, organization, and technology solutions or refinements to security standards and processes.

Establish and report key benchmarks and KPI's to drive governance, quality, and efficiency.

SUPERVISORY RESPONSIBILITIES :

Lead a team of security professionals responsible for planning, design, implementation, monitoring, attack mitigation and support of security systems to fulfill business needs.

Support a strong security culture through cultivation of business-as-usual security practices.

Build and maintain a high-performing team, including recruiting, hiring, performance management, development, and training.

Provide leadership for team members and colleagues to enable effective and timely delivery of security designs, solutions, tools, practices, and processes.

KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED:

Bachelor’s degree in computer science, engineering, information security, or a related field. Additional experience above the minimum may be considered in lieu of the required education.

Related industry certification(s) preferred (CISSP, CISM, etc.)

10+ years of experience in information security or related IT role, including experience managing operations and engineering functions.

Demonstrated ability to assess and prioritize threats, risks, and vulnerabilities.

At least 5 years of experience planning, coordinating, and implementing responsive mitigations.

Working knowledge of industry best practices and cybersecurity frameworks (NIST CSF, CIS Critical Security Controls, MITRE ATTCK and D3FEND, etc.)

Experience in highly regulated environments preferred (PCI DSS, HIPAA, GLBA, CCPA, etc.)

Strong technical knowledge and experience in areas such as threat and vulnerability management, endpoint protection, network security, cloud security, application security, and incident detection and response.

Excellent interpersonal and communication skills - with the ability to present and discuss strategies and technical information in a manner that establishes rapport, persuades others, and establishes understanding, for technical and nontechnical audiences.

Ability to prioritize, organize, and execute in a fast-paced environment.

A strong drive towards continuous improvement, automation, and innovative thinking.

Proven track record of strong leadership, self-motivation, and accountability.

Demonstrated skills in project management; experience with Agile methodologies preferred.

Experience leading a distributed team that provides 24x7 operational support and excellent service delivery is a plus.

Demonstrated capability directing technical teams towards the methodical and expedient analysis of complex business architectures in a high-stress and high-visibility environment.

Ability to exercise independent judgment and creative problem-solving techniques in a highly complex environment.

Working Conditions:

There is constant pressure to meet deadlines and handle multiple projects in a day. Work is typically performed in an office environment.

Financial Responsibility:

Is responsible for company assets. Makes recommendations to supervisor for the disbursement of company funds.

Are you ready to smile, apply today.