Cole Haan

Senior Manager, Cybersecurity Operations & Risk Management (Remote)

Cole Haan · Greenland, New Hampshire, United States · $155K–$185K/yr

Retail · 1,001-5,000 employees

2 d ago
Remote Principal (10+ yrs) Full-time United States
Log in to apply, save this posting, or score it against your profile with AI.

About the role

Oversee cybersecurity operations, incident response, and vulnerability management to reduce technical risk across a global environment. Lead cross-functional initiatives and partner with vendors and IT teams to strengthen security controls and remediate weaknesses.

What they look for

Cybersecurity Operations Incident Response Vulnerability Management Technical Risk Reduction SIEM EDR/XDR Cloud Security Endpoint Privilege Management Security Assessments Stakeholder Management Vendor Management Threat Intelligence Identity & Access Management Privileged Access Management Microsoft 365 Security Security Automation

Requirements

Requires a Bachelor's degree in a technical field and over 7 years of cybersecurity experience, including 3-5 years in a leadership capacity. Must have proven expertise in managing security incidents, vulnerability prioritization, and working with SIEM/EDR platforms.

Benefits

Health Insurance Dental Insurance Vision Care Health Savings Account with Employer Contribution Flexible Spending Accounts 401(k) Retirement Plan with Employer Matching Contributions Short-Term Disability Insurance Life Insurance Vacation Time Sick Time Paid Parental Leave Adoption Assistance Program Charitable Matching Gifts Program Holidays Cole Haan Discounts

Full description

Reporting to the Senior Director, Cybersecurity & Compliance, the Senior Manager, Cybersecurity Operations & Risk Management is responsible for the operational oversight and continuous improvement of cybersecurity operations, incident response, vulnerability management, and technical risk reduction activities. This is a senior manager-level individual contributor role that leads initiatives through influence, coordination, and cross-functional partnership rather than direct people management.

 

The role partners with IT teams, business stakeholders, vendors, and managed service providers to strengthen security controls, reduce risk, and drive timely remediation of security issues. As the operational lead for key cybersecurity functions, this position helps ensure threats, vulnerabilities, and control weaknesses are effectively identified, prioritized, and addressed.

 

The ideal candidate combines strong technical expertise, operational leadership, and communication skills with a demonstrated ability to drive measurable security improvements across a global environment

 

CORE ACCOUNTABILITIES:

 

Security Operations & Incident Response

  • Lead cybersecurity monitoring, investigations, and incident response activities
  • Serve as the operational lead and primary coordinator for cybersecurity incidents and investigations
  • Coordinate containment, recovery, stakeholder communications, and post-incident remediation activities
  • Develop and maintain incident response procedures, playbooks, and tabletop exercises
  • Partner with internal teams, vendors, and managed security service providers to investigate and resolve security events
  • Develop operational metrics and reporting related to threats, incidents, response effectiveness, and overall security posture
  • Develop and maintain operational dashboards and reporting that provide leadership visibility into critical vulnerabilities, remediation status, technology lifecycle risks, security incidents, and unresolved risk exposures

Vulnerability & Threat Management

  • Own vulnerability identification, risk-based prioritization, remediation tracking, exception management, reporting and stakeholder engagement processes. Establish remediation expectations, monitor adherence, remediation SLAs, and escalate aging risks to appropriate technology and business leaders
  • Maintain visibility into end-of-life (EOL) and end-of-support (EOS) technology risks. Partner with Infrastructure, Applications, and Architecture teams to ensure replacement, upgrade, or risk mitigation plans are established and tracked before expiration dates
  • Partner with technology teams to drive timely remediation of vulnerabilities and security weaknesses
  • Develop vulnerability metrics and reporting to measure remediation performance, risk reduction, and program effectiveness
  • Manage vulnerability exceptions and ensure risk acceptance decisions are documented and periodically reviewed
  • Assess emerging threats and organizational exposure to inform remediation priorities
  • Partner with Security Architecture to align remediation efforts with security standards and long-term risk reduction objectives

Security Technology & Operations Improvement

  • Serve as the operational owner for cybersecurity technologies and services, ensuring they effectively support threat detection, incident response, vulnerability management, and risk reduction objectives
  • Continuously improve security monitoring, detection, response, and reporting capabilities
  • Administer and continuously improve endpoint privilege management (EPM) controls to support least-privilege access, application control, and endpoint risk reduction
  • Design and optimize operational workflows, dashboards, alerts, and automation opportunities
  • Partner with Security Architecture and Infrastructure teams to implement and operationalize new security controls and technologies
  • Support onboarding, integration, and optimization of security technologies across the enterprise
  • Manage cybersecurity vendor and service provider relationships, ensuring effective service delivery, operational performance, issue resolution, and alignment with security objectives

 

Security Risk & Control Management

  • Conduct technical security assessments to identify cybersecurity risks, control weaknesses, and remediation opportunities across infrastructure, cloud, applications, and security technologies
  • Partner with Infrastructure, Cloud, Applications, and Security Architecture teams to develop remediation plans
  • Validate implementation and effectiveness of security controls
  • Provide technical expertise and evidence in support of cybersecurity audits, assessments, and compliance activities
  • Maintain remediation tracking, cybersecurity risk registers, technology lifecycle risk inventories, and operational security improvement plans. Drive regular review of outstanding risks with accountable technology leaders and facilitate escalation of overdue remediation activities
  • Assist with third-party security assessments and technical due diligence reviews

Leadership & Collaboration

  • Serve as a trusted cybersecurity subject matter expert across operational security initiatives.
  • Build strong relationships with technology teams, business stakeholders, vendors, and service providers
  • Drive accountability for remediation activities and security commitments
  • Foster a culture of operational excellence, continuous improvement, and proactive risk management
  • Communicate cybersecurity risks and recommendations to both technical and non-technical audiences
  • Establish and lead recurring cybersecurity operational review meetings focused on vulnerability remediation, technology lifecycle risks, exception management, and risk reduction progress across the enterprise

Qualifications

Education

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
  • Advanced degree preferred

Experience

  • 7+ years of cybersecurity experience, with demonstrated success in security operations, incident response, vulnerability management, and technical risk reduction initiatives
  • 3-5 years leading security operations, vulnerability management, or incident response functions.
  • Experience managing security incidents and coordinating cross-functional technical response activities
  • Experience working with SIEM, EDR/XDR, vulnerability management, and cloud security platforms
  • Experience prioritizing remediation efforts using business risk, exploitability, and threat intelligence
  • Experience presenting cybersecurity risks, trends, and operational metrics to leadership
  • Experience working with cybersecurity vendors, MSSPs, and technology partners

 

Preferred Areas of Expertise

 

  • Security Operations & Monitoring
  • Incident Response
  • Vulnerability Management
  • Threat Intelligence
  • SIEM & Security Analytics
  • EDR/XDR Platforms
  • Identity & Access Management
  • Privileged Access Management
  • Microsoft 365 Security
  • Cloud Security
  • Security Automation

 

Preferred Certifications

 

  • CISSP
  • CISM
  • GCIH
  • Security+
  • Microsoft Security Certifications

Base Salary/Hourly Range: From $155,000 to $185,000 annually*

Bonus Eligibility: Yes, eligible for annual target bonus based on company and individual performance

Benefits Offered: Health Insurance, Dental Insurance, Vision Care, Health Savings Account with Employer Contribution, Flexible Spending Accounts, 401(k) Retirement Plan with Employer Matching Contributions, Short-Term Disability Insurance, Life Insurance, Vacation Time, Sick Time, Paid Parental Leave, Adoption Assistance Program, Charitable Matching Gifts Program, Holidays and Cole Haan Discounts

Paid Time Off: Paid vacation days starting at 120 hours, 11 paid company and personal holidays, 3 volunteer days

Sick Leave: Eligible non-exempt employees earn one hour of sick time for every 30 hours worked. Eligible exempt full-time employees earn 2.67 hours of sick time each bi-weekly pay period

 

*Rate of pay dependent upon candidates’ relevant skills, experience, and location