Manager, Cyber Security & Operations

The AZEK Company

The AZEK Company (www.azekco.com) is a $1 Billion and growing industry-leading manufacturer of beautiful, low-maintenance, and environmentally sustainable building products, with a focus on decking and outdoor living. Consistently recognized as the market leader in innovation, quality and aesthetics, products across AZEK’s portfolio are made from up to 100% recycled material and primarily replace wood on the outside of homes, providing a long-lasting, eco-friendly and stylish solution to consumers. We are committed to accelerating the use of recycled material in the manufacturing of our innovative products, keeping millions of pounds of waste out of landfills each year and revolutionizing the industry to create a more sustainable future. In June 2020, we completed a highly successful IPO (NYSE: AZEK).

We are committed to providing a diverse, equitable and inclusive workplace where diversity of all kinds is sought out, valued, respected and appreciated. We are building and promoting a culture where everyone feels empowered to bring their full, authentic selves to work. It fuels our innovation, drives operational excellence and is a source of our competitive differentiation, while connecting us closer to our customers and the communities we serve.

This position can be based at our corporate headquarters in Chicago’s West Fulton Market District, as well as at our Wilmington, OH and Scranton, PA manufacturing complexes with a hybrid work schedule.

Position Summary:

AZEK is seeking a Cyber Security Operations Manager to lead all aspects of cyber security operations for the enterprise: incident response, network security, endpoint security, email security, OT security, cloud security, and vulnerability management. You will be expected to lead the incident response function, manage cyber security technologies, monitor and respond to cyber security alerts, develop security operations processes, provide best practice recommendations to stakeholders, and understand the current cyber security threat landscape.

This role reports directly to the Chief information Security Officer (CISO) and is a key member of the cyber security team.

Your primary duties and responsibilities will be:

• Strong understanding of cyber security industry best practices and frameworks such as NIST CSF, CIS, MITRE ATT&CK, Cyber Kill Chain, etc. and knowledge on how to apply them in an enterprise environment.
• Manage the day-to-day cyber security operations including the investigation, containment and remediation of incidents escalated through the Managed Security Services Provider (MSSP).
• Provide tactical and strategic leadership for cyber security functions including network security, cloud security, vulnerability management, incident response, application security, and OT security.
• Develop runbooks corresponding to potential cyber security incidents, including integration of runbooks with external stakeholders and MSSP.
• In-depth understanding and hands-on experience with technologies such as SIEM/SOAR, EDR/XDR, IDS/IPS, NAC, email gateways, Azure AD/Active Directory, DAST/SAST, WAF, firewalls, and vulnerability management tools.
• Identify risks within the IT and OT environments, provide recommendations for risk mitigation, and work across IT and business teams to ensure that mitigations are implemented.
• Oversee and directly participate in the installation, configuration, and monitoring of new cyber security technologies.
• Participate in the development of cyber security policies, standards, and procedures.
• Remain current with emerging cyber security threats and advise relevant stakeholders on the appropriate course of action.
• Manage cyber security operations metrics and reporting.

We believe the successful candidate will have:

• At least 5-years of hands-on cyber security operations experience
• Bachelor's Degree or higher in an Information Technology discipline. As with all positions at AZEK, a satisfactory combination of education and professional experience will be considered.
• Professional certifications such as CISSP, CISM, CCSP, GSEC, GCIA, CEH
• Knowledge of OT/ICS security
• Experience leading cyber security incident response
• Strong analytical and problem-solving skills
• Strong verbal and written communication skills and ability to collaborate with stakeholders.
• Ability to deliver results in a fast-paced environment with competing and changing priorities.
• Enterprise cyber security experience
• A passion for cyber security

Core Competencies:

• Action Orientation
• Drive for Results
• Business Acumen
• Problem Solving
• Vendor Management