Director Cybersecurity Architecture & Operations

Feeding the world is what we do – how we do it is unique. We are not your textbook consumer packaged goods company. While others are slow to make change happen, we continuously drive both inorganic and organic growth. Our history is evidence of that fact with over 100 years of heritage and growth from brands that transcend generations like Grape Nuts, Honey Bunches of Oats, Fruity Pebbles, Malt-O-Meal, Egg Beaters, Peter Pan Peanut Butter, Bob Evans Farms and more. And our foodservice and ingredient businesses supply other brands, restaurants, stores, and products you love.

Our offices and manufacturing sites are in 60 locations in seven countries, and we have 10,000+ employees. Over the past 10 years, Post has made 20+ acquisitions and reached $6.2 billion in net sales in fiscal 2021. During turbulent times of market uncertainty, the food industry has provided a level of stability unlike other industries.

Post Holdings, Inc. is headquartered in Brentwood, a suburb of St. Louis, Missouri. Our casual professional atmosphere encourages team members to collaborate, innovate and support our operating companies. Our passion and drive advance the reputation of our operating companies and brands—together, we make a difference.

Safeguarding critical information managed and stored in our environment is imperative for the smooth functioning of our business and to uphold our brand reputation. We are currently seeking a Director of Cybersecurity Architecture and Operations, who will be accountable for maintaining the Cybersecurity Architecture, while delivering operational excellence for the Enterprise. This role will ensure that security tools, controls, processes, and policies are designed to prevent and respond to threats targeting our Corporate, Manufacturing, and Distribution technical environments.

This role will work in a matrixed organization with multiple Post Holdings Operating units, offering guidance, oversight, and support for operations activities and architecture. The Director will be expected to review emerging technological trends and facilitate the potential adoption of these trends to create a more secure environment. This position has technical and managerial responsibilities; the ability to address technical issues and lead by example is required.

In this role, the Director will contribute to all data/information security policies, guidelines, standards, evaluations, roles, and corporate awareness. The Director will collaborate with user groups, technical groups, and Internal/External Auditors to continuously develop a security architecture designed to offer a high level of security over data processing while preserving system usability and user productivity. The Director should be capable of designing and communicating the value of flexible security solutions, dictated by the needs of a unique hybrid or traditional (on-premise) and cloud-based technology environments.

Architecture

• Assist Corporate and the Operating Units in development an annual risk-based information security plan guided by security architecture changes aligned to Post Holding’s strategies, objectives, and risk profile
• Collaborate with the business to explore new technologies, identify available market solutions and evaluate capabilities of products to protect the confidentiality, integrity, and availability of Post’s data and systems
• Evolve the current framework for security controls, processes, roles, and responsibilities throughout the organization
• Manage relationships with internal and external technology partners to understand features and technology roadmaps to better align on long term objectives and opportunities
• Keep up with emerging technology and trends analyzing the potential applicability and effectiveness in the Post environment to create competitive opportunities
• Prepare presentations at the technical, manager, and executive level to effectively communicate proposed changes to the architecture
• Prepare business cases that articulate and communicate the value and desired outcome of projects
• Contribute to project planning and ensuring that products and deliverables meets design, contracts and work plans
• Facilitate cross partner technical designs to ensure the break-up of technology components are appropriate and provide future agility
• Develop compensating controls for security gaps that cannot support preventive controls

Operations

• Responsible for maintenance, oversight, and operation of security tools, processes, and policies to defend, detect, and respond to threats, vulnerabilities, and attacks targeting the corporate network and data repositories
• Lead, inspire and grow a team of 3+ technical resources
• Responsible for monitoring, detection, and response activities including liaising with third party providers for Corporate and Shared Services
• Develop, execute, and refine an Enterprise Incident Response (I/R) Program for both Operational Technology (OT) and Information Technology (IT) Environments
• Monitor multiple sources (news, threat feeds, information sharing partnerships) for identified vulnerabilities, identify applicability of the vulnerability to Post and communicate priority and scope to affected stakeholders
• Implement continuous improvement to current prevention or detection controls to mitigate identified security gaps
• Define and increase service levels for the operations team
• Manage awareness program including cyber training, phishing testing, and general cyber awareness
• Manage our threat identification and threat intelligence capabilities
• Provide I/R Leadership during incidents through response and recovery
• Collaborate with Business Units to develop and execute plans to improve incident readiness across the Enterprise
• Designing, organizing, and facilitating cybersecurity table-top exercises, that help the organization assess and improve its incident response capabilities. Create and maintain comprehensive incident playbooks, which serve as step-by-step guides for responding to various types of security incidents, such as data breaches, DDoS attacks, and insider threats
• Provide reporting and metrics on I/R.
• Select and manage third party providers to assist with I/R

#LI-Hybrid

EXPERIENCE

• 10+ years IT leadership experience managing within complex technical environment
• 6+ years of information security experience including SaaS, cloud hosting, progressive security architecture; preferably within a publicly traded and CPG or Manufacturing sector or acquisition focused organization
• 5+ years of architecture experience designing technical solutions; Cybersecurity or Infrastructure preferred
• 3-5 years’ hands on experience with security tools suites such as:
  • Anti-Malware & Anti-Virus
  • Vulnerability Scanning & Security Patching
  • Password Access Management, MFA and SSO
  • Content Blocking & Phishing
  • SIEM & SOC Model
  • AI/ML Email Security
  • DLP and/or DRM (desired)
• 3-5 years’ experience in managing security within major ERP Software environments is preferred (such as SAP, JDE, or NetSuite)
• 2+ years’ experience managing security for cloud vendors directly and security integration into SaaS applications

EDUCATION

• Bachelor’s degree – Computer Science/Information Systems/Information Security required
• MS or MBA preferred
• Cybersecurity Certifications with a management focus (CISSP, CISM, CISA, GCIH) preferred

KNOWLEDGE AND SKILLS

• Skilled in working with information security control frameworks (e.g., NIST)
• Knowledge of relevant laws, policies, procedures, or governance as they relate to work that may impact critical systems
• Familiar with incident response and handling methodologies
• Experience with intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies
• Knowledge of network security architecture concepts including topology, protocols, components, and principles
• Proficient in system administration, network, data protection, and operating system hardening techniques
• Knowledge of disaster recovery continuity of operations plans
• Knowledge of host/network access controls (e.g., access control list) and firewall technologies.
• Comfortable with principles used to manage risks related to the use, processing, storage, and transmission of information or data
• Experience with network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), tools and network traffic analysis methods
• Stays abreast of new and emerging IT and information security technologies
• Knowledge of penetration testing principles, tools, and techniques
• Knowledge of system and application security threats and vulnerabilities (e.g., mobile code, cross-site scripting, SQL injections, and malicious code)
• Familiar with systems lifecycle management principles, including software security and usability
• Objectively assess the impact, likelihood, velocity, and magnitude of identified risks
• Objectively advise on any number of technical controls that will mitigate risk while not imposing undue burden on those who must implement the controls
• Mediate differing perspectives on risks between a variety of Technology Division stakeholders