The Security Operations Lead will direct the cybersecurity program at Papa, Inc. This program broadly includes: incident response, anomaly detection, data protection, social engineering defenses and user training, AWS and proprietary software hardening, IT compliance certifications, and customer security questionnaires. The Lead will draw on a background in software development and cybersecurity to create a roadmap that addresses daily, operational needs and strategic, longer-term goals. This person will collaborate with stakeholders such as Engineering, Compliance, People, and Procurement to design workflows that achieve shared goals.  

The ideal candidate will have led a Security Operations (or similar) team previously and be able to demonstrate the impacts of their leadership on company cyberdefenses, compliance, and costs / efficiency. They will have excellent people skills, be fearless in their quest for knowledge, and focus on implementing practical, effective security practices.  Finally, the ideal candidate will be kind, respectful, collaborative, and contribute to Papa’s people-first culture.

Essential Job Functions:

• Collaborate with CIO to define the direction and values of Security Operations that all security implementations should reflect
• Assemble a big picture view of the security program, assess the effectiveness vs efficiency of all practices in place and prioritize new initiatives accordingly
• Partner with Legal and Compliance to refine the mission of the IT Compliance team and support their operational and long-term projects
• Design new approaches to operationalize customer security information requests, ultimately reducing the cost of this process
• Collaborate with the People team to ensure that employees receive the most effective and efficient cybersecurity awareness training at the right frequency and that our compliance goals are met
• Develop a robust anomaly detection program that separates noisy data from valuable alerts, resulting in an effective notification system
• Support the company in the ongoing effort to stay current with data privacy regulations, including adding automation wherever possible 
• Design a repeatable security incident response process that both meets compliance criteria and allows for practical, rapid response
• Work with the Engineering team to implement best in class security practices around AWS hardening, pen-testing, and CVE management
• Collaborate with the CIO to define operational security workflows and ensure effective staffing, eliminating single points of failure and developing career ladders where appropriate

Requirements:

• 10+ years of software development experience, demonstrating a progression to more senior roles
• 5+ years of cybersecurity specialization, including familiarity with pen-testing, CVE remediation, AWS or other cloud service security configurations, and zero trust architecture
• Intermediate or better familiarity with SOC 2, SOX, HIPAA, or related security frameworks
• Advanced knowledge of AWS and its core products/features
• Advanced UNIX expertise
• Advanced SQL knowledge, including the ability to write and debug queries
• Strong working knowledge of Okta
• Familiarity with software languages such as Go, Java, and Elixir a plus 
• Bachelor’s degree or equivalent experience
• Strong familiarity with Google Workspace applications, Slack, and ticketing systems like Jira preferred

Papa’s culture is People-first. While we have an incredible team of hard-working Papa people, at the end of the day, our company is really about family and community – and we celebrate that among our employees. We encourage everyone to truly bring their whole authentic selves to work. To be transparent. To be non-hierarchical. And, above all, to be a really good person. 

We see ourselves as a place where every Papa employee feels they belong, a place where careers flourish, a place that brings back purpose and joy to work, a culture where visionaries/entrepreneurs are developed.

Papa’s mission is at the core of our total rewards philosophy wherein we attract and retain high potential talent aligned with our journey. We offer gender neutral and inclusive parental leave policies that offer up to 16 weeks of 100% paid parental leave. We immensely value the benefits of a flexible workplace, while designing remote-first principles we ensured that Papa people feel psychologically safe about their career interests while being remote.