This job has closed.

Performance Food Group · 1 month ago

Senior Director, Information Technology - Security Operations

Nationwide, United States

Full-time

Onsite

Director/Executive

$170K/yr - $200K/yr

10+ years exp

Performance Food Group is a customer-centric foodservice distribution leader headquartered in Richmond, VA. They are seeking a talented Security Operations professional to lead PFG's Security Operations team, overseeing security monitoring, detection, response, and vulnerability management.

Food & Beverages

H1B Sponsor Likely

Responsibilities

Work with Security Engineering and Administration and Cloud Services Teams residing in PFG's Enterprise Technology Services department to oversee their implementation and management of security related capabilities; Access Control, Directory Services, NetSecOps - Firewall, IDS/IPS, Endpoint Protection, Email Threat Protection, Web Application Firewall, Microsegmentation/Workload Protection capabilities

Lead and directly manage PFG's Red Team and Blue Team units, which focus on offensive (e.g. penetration testing, vulnerability scanning) and defensive (monitoring, triage, response) security operations

Manage and mentor and mentor internally staffed security analysts and oversee outsourced managed security service providers including 24/7 Security Operations Center Level 1 monitoring services, and provider's implementation, enhancement, and support of Security Incident and Event Mangement (SIEM) and Security Orchastration and Automated Response (SOAR) capabilities. Manage vendor relationships, contract, service level agreements, and reporting

Establish key metrics and reporting associated with Security Operations, including the definition of metrics, acceptance tolerances, and reporting/performance against established objectives Lead PFG's security education and awareness and insider threat programs, including computer based training, mock phishing, threat advisory communications disciplines

Own, manage, and update PFG's Security Incident Response Plan and associated readiness of its application, developing and incorporating playbooks and runbooks for tactical, scenario specific security event and incident management. Facilitate directly or commission the execution of pre-incident readiness excercises, from tabletop excercises with technology teams and IT/business leadership, to purple team technical exercises that replicate real world attack scenarios and real time response

Oversee daily security event triage, serve as Major Incident Manager during notable incidents, and support workforce investigations attributed to HR, legal matters and violations of company polices. Ensure all notable security incidents follow security incident lifecycle stages, including post mortems, and inform needed continuous improvement in prevention, detection, and response capabilities

Work with other external stakeholders and scenario specific participants to PFG's Security Incident Response plan, including law enforcement, retained Security Incident Response provider, cyber insurance carriers/brokers, legal, privacy, and public relations, crisis management, and forensics suppliers

Maintains future Security Operations strategy, contributing as a component to PFG's rolling 3 year Information Security Strategy

Contributes to infrastructure and application architecture standards, and provides a feedback loop of needed improvements to SecOps team members, outsourced Managed Security Service Providers, infrastructure and application teams, that foster improvements in system vulnerabilities/exposure and PFG's ability to detect and respond to cyber threats

Performs other related duties as assigned

Qualification

Security Operations ManagementIncident ManagementVulnerability ManagementPenetration TestingSecurity CertificationsForensic InvestigationNetworking SecurityCloud SecurityRegulatory ComplianceAnalytical SkillsVendor ManagementTeamworkCommunication SkillsContinuous Learning

Required

Bachelor's degree

10 Years+ experience

Demonstrated experience and knowledge of leading Security Operations teams and managing major incidents, including those with ransomware and breached data

Strong teamwork and interpersonal skills

Hold relevant security certifications or willingness to pursue additional certifications

Continuous learning mindset

Experience with managing penetration testing engagements, compromise assessments including those against both network/infrastructure and web applications

Experience leading/managing vulnerability and exposure management capabilities and associated governance, including Working knowledge of privacy statutes including the European Union General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)

Exemplary written and verbal communication skills, specifically the ability to train technical teams and line of business leaders on Security Incident Response Processes, brief stakeholders during incidents, and report writing/publishing

Proficient in forensic investigation and analysis of computer based systems, eDiscovery, and legal/privacy aspects of security incident management Strong MS Office skills (specifically PowerPoint, Word, Excel, Project, Visio)

Experience with Microsoft Entra, Cisco/Fortinet Security Systems (VPN, Firewall, IDS/IPS) Defender EDR, Guardicore Workload Protection/Microsegmentation, Tenable Vulnerability Management, Elastic SIEM, Cisco Umbrella

Advanced knowledge of networking, cloud computing (IaaS/PaaS) security, access controls, endpoint security

Proficient in contract management, negotiation, SLA management, and vendor relationship management - Proficient in regulatory requirements and statutes associated with security incident and data breach disciplines, including but not limited to Security and Exchange Commission Cyber Incident Disclosure Rule, Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), California Privacy Rights Act (CPRA)

Ability to work in a highly matrixed

Demonstrated high level of analytical and problem solving skills

Ability to influence cross functional stakeholders and work in highly matrixed organizational structure and federated governance

Preferred

Masters/MBA

10 Years+ experience

Proficient in Data Classification and Data Loss Prevention technologies and processes

Familiarity with Mergers and Acquisition, specifically SecOps considerations related to pre-integration exposure management, deployment of security capabilities for visibility/protection pre-infrastructure integration, and delivery of security operations capabilities as part of wholistic IT integration playbook

Preferred Professional Certification(s): Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH/CSIH), Certified Forensic Analyst (GCFA)

Preference given to candidates located in Richmond, VA Dallas, TX or Denver, CO

Benefits

Day 1 Health & Wellness Benefits

Employee Stock Purchase Plan

401K Employer Matching

Education Assistance

Paid Time Off

And much more

Company

Performance Food Group

Glassdoor3.3

Performance Food Group is an industry leader and one of the largest food and foodservice distribution companies in North America with more than 150 locations in the U.S.

Founded in 1885

Richmond, VA, US

10001+ employees

http://www.pfgc.com

H1B Sponsorship

Performance Food Group has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (6)

2024 (1)

2023 (4)

2022 (1)

2021 (3)

Funding

Current Stage

Late Stage

Leadership Team

Joe Davi

SVP - PFS, PRESIDENT & CEO - ROMA FOODS

Chris Miller

Vice President Finance CFO

Company data provided by crunchbase