Senior Manager IT - Security Operation

Reynolds Consumer Products•Lake Forest, IL

3d•Onsite

About The Position

Join Reynolds Consumer Products…and Drive Your Career across a world of opportunities! We provide amazing job opportunities for growth with competitive salaries and benefits in an exciting, dynamic, fast-paced, and fun workplace environment. If you are looking to build a strong career, we have an opportunity for you! We are searching for a Senior IT Manager - Security Operations to join our team located at our headquarters in Lake Forest, IL. Responsibilities Your Role The Senior IT Manager - Security Operations will report directly to the RCP Senior Director of Information Security and is responsible for overseeing, maturing, and operating the end‑to‑end Cyber Defense function for Reynolds Consumer Products. In this leadership role, you will direct the strategy, people, processes, and technologies responsible for threat detection, incident response, cyber threat intelligence, and security monitoring across on‑premises, cloud, SaaS, and OT environments. You will manage internal Cyber Defense analysts while governing our managed security service providers to ensure 24×7 protection, rapid response, reliable detection content, and continuous improvement of defensive capabilities. This role requires strong technical depth, excellent leadership presence, and the ability to drive measurable security outcomes across a highly distributed enterprise. You will partner closely with Infrastructure, Networking, Cloud, IAM, Applications, and business stakeholders to ensure our cyber defense posture meets industry standards and supports RCP’s strategic goals. You will have the opportunity to Make Great Things Happen! Cyber Defense Strategy & Program Leadership Develop and execute RCP’s Cyber Defense strategy covering detection, response, threat hunting, threat intelligence, cloud/identity security, and network/endpoint telemetry. Build and maintain a multi‑year roadmap for capabilities, tooling, automation, and maturity evolution. Establish measurable goals, KPIs, and operational metrics for the Cyber Defense program. Team Leadership & Talent Development Lead, mentor, and develop Cyber Defense analysts and engineers. Oversee team performance, coaching, workload balance, career development, and succession planning. Build a strong culture of operational excellence, readiness, and continuous learning. Threat Detection & Engineering Own the full lifecycle of detection engineering: backlog management, design, development, testing, deployment, tuning, and retirement of use cases. Maintain detection coverage mapped to frameworks such as MITRE ATT&CK, NIST CSF, and relevant threat models. Ensure onboarding, validation, and maintenance of log sources for SIEM, EDR, cloud, identity, network, OT, and SaaS platforms. Drive quality of alerts through false‑positive reduction, noise suppression, and telemetry enrichment. Security Operations & Incident Response Serve as Incident Commander for high‑severity cyber incidents, directing technical response, triage, containment, and eradication activities. Lead executive communications, regulatory notifications (as needed), RCAs, and post‑incident remediation governance. Ensure IR plans, playbooks, tabletop exercises, and runbooks remain current, tested, and effective. MSSP & SOC Governance Govern managed SOC(s) and related MDR/EDR service providers to ensure SLA/SLO compliance, detection accuracy, timely escalations, and service improvements. Lead weekly operational reviews and monthly/quarterly business reviews with MSSP partners. Validate tuning, content development, automation, detection gaps, and service recommendations. Security Technology Ownership Serve as product owner for SIEM, EDR, SOAR, cloud security monitoring, digital forensics tools, and threat intelligence platforms. Drive engineering oversight for: SIEM operations and architecture Endpoint detection and response SOAR playbooks and automation Cloud and identity security telemetry (Azure, AWS, M365, Entra ID/PIM) OT/ICS visibility tooling Lead major platform upgrades, migrations, and evaluations (e.g., SIEM modernization initiatives). Cloud, Identity & SaaS Defense Oversee development and tuning of detections for cloud workloads, identity systems, OAuth/App Consent abuse, MFA anomalies, and SaaS platforms. Ensure protection and monitoring across multi‑cloud/hybrid environments with secure configuration baselines and telemetry

Requirements

Bachelor’s degree in Computer Science or similar area of study, or a directly related field with 10 or more years of work experience.
8+ years of work experience leading Cyber Defense Management.
Exceptional ability to assess and communicate information security concepts and practices with both business and IT stakeholders.
Prior experience supporting hybrid multi-cloud environments, including SaaS, PaaS, IaaS, and on-premises solutions.
Proven experience in design, implementation, and operations of a cyber-defense program with heavy leverage of managed security service provider(s).
Working knowledge of MITRE ATT&CK, NIST CSF, ISO 2700x and COBIT frameworks/standards in relation to a cyber-defense program.
Ability to travel 5%.

Nice To Haves

ClSSP, CISA or Cloud security certification.

Responsibilities

Develop and execute RCP’s Cyber Defense strategy covering detection, response, threat hunting, threat intelligence, cloud/identity security, and network/endpoint telemetry.
Build and maintain a multi‑year roadmap for capabilities, tooling, automation, and maturity evolution.
Establish measurable goals, KPIs, and operational metrics for the Cyber Defense program.
Lead, mentor, and develop Cyber Defense analysts and engineers.
Oversee team performance, coaching, workload balance, career development, and succession planning.
Build a strong culture of operational excellence, readiness, and continuous learning.
Own the full lifecycle of detection engineering: backlog management, design, development, testing, deployment, tuning, and retirement of use cases.
Maintain detection coverage mapped to frameworks such as MITRE ATT&CK, NIST CSF, and relevant threat models.
Ensure onboarding, validation, and maintenance of log sources for SIEM, EDR, cloud, identity, network, OT, and SaaS platforms.
Drive quality of alerts through false‑positive reduction, noise suppression, and telemetry enrichment.
Serve as Incident Commander for high‑severity cyber incidents, directing technical response, triage, containment, and eradication activities.
Lead executive communications, regulatory notifications (as needed), RCAs, and post‑incident remediation governance.
Ensure IR plans, playbooks, tabletop exercises, and runbooks remain current, tested, and effective.
Govern managed SOC(s) and related MDR/EDR service providers to ensure SLA/SLO compliance, detection accuracy, timely escalations, and service improvements.
Lead weekly operational reviews and monthly/quarterly business reviews with MSSP partners.
Validate tuning, content development, automation, detection gaps, and service recommendations.
Serve as product owner for SIEM, EDR, SOAR, cloud security monitoring, digital forensics tools, and threat intelligence platforms.
Drive engineering oversight for: SIEM operations and architecture Endpoint detection and response SOAR playbooks and automation Cloud and identity security telemetry (Azure, AWS, M365, Entra ID/PIM) OT/ICS visibility tooling Lead major platform upgrades, migrations, and evaluations (e.g., SIEM modernization initiatives).
Oversee development and tuning of detections for cloud workloads, identity systems, OAuth/App Consent abuse, MFA anomalies, and SaaS platforms.
Ensure protection and monitoring across multi‑cloud/hybrid environments with secure configuration baselines and telemetry