ANDMORE is an omnichannel wholesale marketmaker that fuels opportunities for wholesale buyers and sellers to connect, grow and prosper through physical markets, design centers, and digital channels. The company owns and operates more than 20 million square feet of premium event and showroom space, hosting live events in Atlanta, High Point, N.C., Las Vegas, and New York City. By pairing face-to-face events with always-on digital channels, ANDMORE provides truly omnichannel business platforms for its global customer base.What You’ll Do
The Cybersecurity Engineer will be responsible for implementing and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. This individual will also provide the leadership necessary to manage the risk to the organization and will ensure effective governance, system and product availability, integrity, and confidentiality. This position reports to the Chief Information Security Officer (CISO).
This position will also have technical responsibilities across the enterprise, helping enable the team through automation & investigation of complex security issues for remediation. The role will provide ownership for research and implementation of software tools to alleviate security threats, improving data security through use of encryption, key management, and segregation, helping infrastructure and software engineers design more secure systems via design input and code review, driving change and supporting changes to ensure that systems are properly protected and monitored. Provide support to non-security IT functions as demand requires.Position Responsibilities
Additional Job Functions:
- Supports CISO with the following functions:
- Providing direction for corporate data and cybersecurity protection and overseeing Technology governance and policies.
- Developing corporate security strategy, security awareness programs, security architecture, and security incident response.
- Developing Cycybersecurity architecture security integration plans to protect existing infrastructure and to incorporate future solutions.
- Providing strategic risk guidance for IT projects, including evaluation and recommendation of technical controls.
- Educating IT and business leaders on appropriate security risk and mitigation strategies.
- Develop, maintain, and publish up-to-date security policies, standards, and guidelines. Oversees training and dissemination of security policies and practices.
- Engage in security monitoring by responding to alerts escalated from our Managed Detection and Response function across security capabilities such as access management, cloud security, and network security.
- Collaborates with IT and business compliance team(s) as needed and coordinates the technical component of both internal and external audits, and federal and state examinations to ensure security programs are in compliance with relevant laws, regulations, and policies.
- Evaluates new cybersecurity threats and technology trends and develops effective security controls.
- Develops effective disaster recovery policies and standards to align with company business continuity management program goals. Coordinates development of implementation plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents, and provides direction, support and in-house consulting in these areas.
- Evaluates potential security breaches, coordinates response, and recommends corrective actions. Proactively identify deficiencies in the security services that the team is responsible for and propose a plan for improvements.
- Defines and reports on information security metrics.
- Provides project management and leadership to staff and external resources in support of established goals and objectives, improved efficiencies, and problem resolution.
- Ensures accomplishment of all objectives in accordance with corporate policies, procedures, and strategic direction, as well as regulatory standards governing the business.
- Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology. Including the understanding of NIST Cyber Security Framework or similar Cyber Frameworks.
- Provides supervision for Senior Cyber Security Analyst and Security Vendor Management.
- Understands and follows adopted policies and procedures in accordance with business priorities.
- Assesses and supports implementation of automation via scripting and tools to eliminate manual tasks.
- Performs other duties as assigned.
Ability to work in a 24/7 support environment and on-call rotation schedule.Qualifications
- 5 + years of experience working in a Security Operations environment.
- 5 + years of experience developing and enforcing security policies and standards for Azure cloud services and resources, specifically.
- App Services, Functions and App Registration, Azure Platform Security (Perimeter, Network, Host, and Containers), Managed Identities, Key Vault
- Database Security
- Experience with configuring and managing Microsoft Entra (AAD) settings, policies, and integrations for our cloud-based applications and resources.
- Experience with Microsoft Sentinel
- Configuring and managing data connectors for Microsoft Sentinel to collect data from various sources, such as Microsoft 365 Defender, Azure Active Directory, Azure Monitor, and third-party solutions.
- Utilizing the playbooks and logic apps of Microsoft Sentinel to automate and orchestrate common security tasks and workflows.
- Experience with deploying and configuring Microsoft 365 E5 Security technologies such as Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft 365 Defender.
- Experience with Data Discovery, Classification, and implementing Data Privacy and Cookie Policies
- Strong security experience in Vulnerability Management and Network Security is required.
- A strong understanding of network fundamentals, Linux, and Windows security administration is required.
- Experience in Data Privacy and PCI-DSS required.
- Knowledge of common security frameworks, standards, and protocols, such as NIST, ISO, CIS, MITRE ATT&CK, etc.
- Experience in scripting languages, such as PowerShell, Python
- Experience with Github with Advanced Security a plus.
- Experience in establishing cybersecurity and risk metrics for reporting.
- Strong technical leader in the analysis, coordination, and remediation of information security vulnerabilities involving multiple stakeholders.
- Demonstrated ability to work with diverse people, and effective oral and written communication skills.
- Bachelor’s degree from an accredited institution, with a degree preferred in Computer Science or Information technology systems security or related field.
- Azure Security Engineer Associate, Microsoft Security, Compliance, and Identity Fundamentals, or Microsoft 365 Security Administrator Associate Certifications Preferred
- Certified Information System Security Professional (CISSP), GIAC Security Essentials (GSEC), Certified Information Systems Manager (CISM), or Certified Ethical Hacker (CEH) is a plus.
Why you’ll love working at ANDMORE
- Put The Customer First – We listen to and respect our customers to deliver exactly what they need.
- Never Give Up – We act with passion and grit to tackle every challenge that comes our way.
- Live With Integrity – We put a premium on trust and hold ourselves accountable-no ifs, ands, or buts.
- Serve As A Force For Good – We value diverse perspectives and support the ecosystems in which we operate.
- Grow Stronger Together – We collaborate and build connections to create meaningful opportunities.
Our Team Members are our most critical asset. The foundation for our success is built on teamwork, talent, creativity, hard work, and dedication. Together, we truly have a transformational opportunity to positively impact the industries in which we work. We are pleased to offer a wide array of comprehensive benefit programs and services that you would expect to see at a great company like ANDMORE including competitive medical, dental, vision, EAP, FSA, and 401k Retirement Match to name just a few. There are also a few differentiators like unlimited PTO, paid parental leave, BYOD (cell phone compensation), tuition reimbursement, Workplace Rewards
providing discounts to a wide variety of consumer products and services, a “seed” grant of at least $1,000 annually into your Value HSA Plan, and considerably more!
Diversity creates a healthier atmosphere: ANDMORE is an Equal Employment Opportunity/Affirmative Action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.About ANDMORE
ANDMORE is an omnichannel wholesale marketmaker that fuels opportunities for wholesale buyers and sellers to connect, grow and prosper through physical markets, design centers, and digital channels.
We are unique in that we own and operate the largest wholesale showroom buildings in the world where retailers and designers come to purchase products for their stores or clients – like a shopping mall for wholesalers. We also recognize that purchasing happens all year long, not just during market weeks, so we provide digital opportunities for buyers and sellers to connect anytime, anywhere as customer needs dictate.
ANDMORE is a Blackstone and Fireside Investments portfolio company. For more information, visit www.ANDMORE.com.