Here at Scotts Miracle-Gro there is no such thing as a typical day. Our culture is constantly energized by new and exciting growth opportunities and at a rapid pace. Every Associate plays an important role in providing innovative solutions for today's gardeners and growers and contributing new ideas to improve operations. In our company you need grit, it is what we were founded on over 150 years ago and is what keeps us growing. Regardless of your level in the organization there is a platform for your voice to be heard and the ability to influence change. Family, community and hard working values are weaved into all that we do. Come grow with us, where we develop and nurture the next generation of leaders.
We are looking for a Technical Manager, Cybersecurity who will join our Information & Cyber Security team in a remote capacity, with some travel to our world headquarters, US and International facilities, etc required as needed. The Scotts Miracle-Gro ("SMG") world headquarters is in Marysville, a suburb of Columbus, OH. Not familiar with Columbus? Visit Columbus Region to learn more!
The Scotts Miracle-Gro Company recognizes that our continued long-term success depends on executing not only our strategy, but also protecting our brands, our assets, and our data. The confidentiality, integrity and availability of Scotts' information assets and IT resources, as well as the adherence to laws and contractual obligations regarding information processing, is critical to the mission of the Company. To support that mission, the company continues to invest significant capital and resources to improve our information security capabilities. The Technical Manager, Cybersecurity is a key member of the Information & Cyber Security team responsible for developing and implementing these long-term Information Security strategies for the Company.
This position and the Information & Cyber Security team play a key role in protecting our assets from events that may have a negative impact to the Company and its shareholders. We are looking for high-performing and high-potential candidates who can make a significant and immediate contribution to our team.
What you'll do in this role:
Act as the key technical resource for security matters related to application security and secure development practices.
Collaborate with Business Partners to recommend, design and implement security controls for automation, CI/CD, DevOps and/or DevSecOps, and related cloud infrastructure.
Work closely with internal and external teams to engineer and implement cloud security controls with a focus on application security.
Design, build and run compliance monitoring efforts for large-scale cloud environments running container and microservice technologies.
Lead incident response efforts and perform root cause analysis, recommend and implement continuous improvement process opportunities based on the results of such events, as well as participate in 24x7 on-call procedures.
Analyze data outputs of security monitoring tools and proactively drive appropriate security measures to protect enterprise assets and the end users.
Plan, evaluate, recommend, design and implement security solutions for moderately complex projects, including preparation of cost justifications, use cases, alternative solutions, and technical recommendations.
Present security concepts, technologies and plans to broad audience groups.
Establish sustainable, efficient ongoing processes to ensure security solutions are operated effectively.
Maintain up-to-date knowledge and understanding of information security threats, vulnerabilities, practices, principles, and solutions.
Support independent 3rd party audits, assessments, penetration testing, vulnerability scanning, and reporting to internal and external entities as required to fulfill compliance obligations.
Collaborate with Business Partners and work cross-functionally with departmental team members.
Prepare and present information security and compliance risk dashboard metric reports for a variety of targeted audiences, including technologists and executive leadership.
Support research, interviews, drafting, reviews, revisions, approvals and publication of information security-related policies, standards and procedures.
Other duties as assigned.
What you'll need to be successful:
7+ years of Information Security and/or Application Security work experience.
Bachelor degree in Computer Science or a related field, OR an equivalent combination of education and/or experience.
CISSP, GWAPT, GSEC, CEH or other relevant information security certifications are desired.
Strong experience in DevOps development practices, CI/CD pipelines.
Strong expertise with cloud environments (AWS, Google Cloud Platform, Azure).
Advanced knowledge of Application Security Architectures and Guidance.
Working knowledge of Information Security frameworks, practices and principles (e.g. OWASP TOP 10, ISO 27X, COBIT, CSC, NIST, GAPP, etc.) and is experienced in creating and implementing metrics that measure high performance.
Working knowledge of enterprise network infrastructures including perimeter security and remote access services (e.g.cloud network architecture).
Working knowledge in technical areas (e.g. network security, cloud security, web security, anti-virus/anti-malware, data loss prevention, identity & access management, cryptography, application security, threat and vulnerability management, security event monitoring, incident response, forensics, etc.)
Experienced in successfully dealing with Information Security breaches and or other security incidents that have fostered "lessons learned".
Working knowledge of generally accepted change, problem and incident management principles (e.g. ITIL)
Working knowledge of IT-related laws and compliance mandates including Governance and Risk Compliance (e.g. Sarbanes Oxley 404, PCI DSS, HIPAA/HITECH, Personal Information Privacy).
Working knowledge in project management principles, and has the ability to deliver high quality solutions on time and within budget.
Strong interpersonal skills with the ability to work on cross-functional project teams and foster team commitment to tasks as well as collaborate with Business partners.
Non-Technical skills:
Problem Solving & Analysis
Business Acumen
Communication & Leadership
Relationship Building
Creativity & Innovation
Influence & Organizational Savvy
Planning & Organizing
Here at ScottsMiracle-Gro, we believe providing an enriching and engaging employee experience is what sets us apart from other organizations. We recognize our employees are so much more than just their job title so we offer programs and benefits that support them in all aspects of their lives. Wondering how we do it? Below is a glimpse of our highlight reel...
Our Live Total Health program provides you with options to align to your personal needs. Selections range from medical, dental and visioncoverage for you, your spouse/domestic partner and dependents to an outstanding wellness reimbursement program to an unbelievable 401K match (up to 7.5%)as well as a 15% discount on company stock and much more
We know ourtalent is our most precious asset and your unique development contributes to our organization's success now and in the future. Career growth at our company is not always a ladder. It's much more like a rock climbing adventure. Grow through exploration and experiences rather than a predictable linear path.
We value the importance of family. We provide access to Maven Family Planning and up to $30,000 to accommodate for adoption, fertility and surrogacy.
Be part of something bigger by joining one of our Employee Resource Groups focusing on diversity and inclusion, family, education and sustainability: Scotts Women's Network, Scotts Black Employees' Network, Scotts Veterans' Network, Scotts Young Professionals, Scotts Pride Network (GroPride), Scotts Associates for a Greener Earth (SAGE), Scotts Family TREE and our Associate Boards.
Join a company with a strong belief in giving back to the communities where we live and work. We have a shared passion for service and volunteerism and believe participating in community service benefits our communities and strengthens our team.
Not interested in this role? Stay up to date on future opportunities by joining our ScottsMiracle-Gro and Hawthorne Gardening talent communities.
Scotts is an EEO Employer, dedicated to a culturally diverse, drug free workplace.
Please note that the Scotts Miracle-Gro company does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Master Service Agreement, and specific approval to submit resumes to an approved requisition, the Scotts Miracle-Gro company will not consider or approve payment regarding recruiter fees or referral compensations.
