Sr. Manager, IT Security Operations

About the Company
e.l.f. Beauty, Inc. stands with every eye, lip, face and paw. Our deep commitment to clean, cruelty free beauty at an incredible value has fueled the success of our flagship brand e.l.f. Cosmetics since 2004 and driven our portfolio expansion. Today, our multi-brand portfolio includes e.l.f. Cosmetics, e.l.f. SKIN, pioneering clean beauty brand Well People, Keys Soulcare, a groundbreaking lifestyle beauty brand created with Alicia Keys and Naturium, high-performance, biocompatible, clinically-effective and accessible skincare.
We have annual revenues of ~$900 million and our business performance has been nothing short of extraordinary with 20 consecutive quarters of net sales growth as we have grown to #3 mass cosmetics brand in the US and are the fastest growing brand among the top 5. Our total compensation philosophy offers every new hire competitive pay and benefits, bonus eligibility (200% of target over the last four fiscal years), equity given to every full-time employee as a part of their new hire package, flexible time off, year-round half-day Fridays, and a hybrid 3 day in office, 2 day at home work environment. We believe the combination of our unique culture, total compensation, workplace flexibility and care for the team is unmatched across not just beauty but any industry.
Position Summary:The IT Security Operations Sr. Manager is responsible for overseeing and managing the daily operations of the organization's information security program. This role involves planning, implementing, and monitoring security measures to protect the organization's computer systems, networks, and data. They collaborate with cross-functional teams, establish, and enforce security policies, and ensures compliance with industry regulations.
Responsibilities:
 Security Operations Management:•     Lead and manage the day-to-day operations of the IT security team.•     Oversee the deployment and maintenance of security infrastructure, tools, and technologies. •     Monitor security alerts, incidents, and vulnerabilities, and coordinate response and resolution efforts.
Incident Response and Investigation:•     Develop and implement incident response plans to address and mitigate security incidents.•     Conduct thorough investigations into security breaches and incidents, documenting findings and recommending corrective actions.•     Collaborate with internal teams to ensure timely incident response and resolution.
Policy Development and Enforcement:•     Develop, update, and enforce information security policies and procedures.•     Ensure that security policies align with industry best practices and compliance requirements.•     Conduct regular security awareness training for staff to promote a security-conscious culture.
Risk Assessment and Management:•     Conduct regular risk assessments to identify and prioritize security risks.•     Develop and implement risk mitigation strategies and controls.•     Monitor and report on the effectiveness of risk management initiatives.
Collaboration and Communication:•     Collaborate with IT, legal, and other departments to ensure a cohesive approach to security.•     Communicate security-related information to executive leadership and stakeholders.•     Foster strong relationships with external security partners and vendors.
Compliance:•     Ensure compliance with relevant laws, regulations, and industry standards.•     Conduct regular audits and assessments to verify compliance and identify areas for improvement.•     Work with legal and compliance teams to address any regulatory requirements.
Security Awareness and Training:•     Develop and deliver security awareness programs to educate employees on security best practices.•     Compile and analyze data for accurately timely reporting of activity.•     Provide ongoing training and communication to keep the organization informed about emerging security threats and trends. Qualifications:
•     Bachelor’s degree in Information Technology, Information Security, or a related field. Master's degree is a plus.•     5+ proven experience in IT security operations, with a focus on leadership and management.•     Preferred Industry certifications such as CISSP, CISM, or equivalent.•     In-depth knowledge of security frameworks, standards, and best practices.•     Strong understanding of risk management, incident response, and security technologies.•     Detailed understanding of the MITRE ATT&CK Framework and/or the Cyber Kill Chain•     Excellent communication and interpersonal skills.
Technical Knowledge:•     Extensive knowledge of cloud security technologies (Azure Infrastructure, AWS, GCP, SaaS, IAM)•     Excellent knowledge of Security related systems (i.e., Firewalls, SASE, EDR/MDR, Vulnerability Management, Patch Management, SIEM, NAC, etc.)•     Proficient knowledge and experience with networking technologies (i.e., WAN connectivity, access points, network switches, load-balancers, routing protocols, firewalls, VPNs, VLANs, LAN Segmentation methodologies, etc.)•     High proficiency with the following disciplines: Directory services (LDAP, AD), DNS, anti-malware/virus technologies, IDS/IPS, WIPS, mobility, PC and Mac computing, Azure AD and Office 365 ecosystem, network security, disaster recovery, SOX compliance This job description is intended to describe the general nature and level of work being performed in this position. It also reflects the general details considered necessary to describe the principal functions of the job identified, and shall not be considered, as detailed description of all the work required inherent in the job. It is not an exhaustive list of responsibilities, and it is subject to changes and exceptions at the supervisors’ discretion.
e.l.f. Beauty respects your privacy. Please see our Job Applicant Privacy Notice (www.elfbeauty.com/us-job-applicant-privacy-notice) for how your personal information is used and shared.