Manager, Cybersecurity Operations

It's fun to work in a company where people truly believe in what they are doing. At Dutch Bros Coffee, we are more than just a coffee company. We are a fun-loving, mind-blowing company that makes a difference one cup at a time.

Position Overview:

The Manager of Cybersecurity Operations plays a crucial role in ensuring the protection and security of critical systems and sensitive information across the organization. Reporting to the Director, Cybersecurity this role oversees key cybersecurity programs, including the Security Operations Center (SOC), Vulnerability Management, Data Loss Prevention (DLP), ensuring the confidentiality, integrity, and availability of critical assets. This role will be tasked with driving security strategies and initiatives while proactively addressing emerging cybersecurity risks. Strong technical expertise, leadership capabilities, and a proactive approach to challenges are essential for success in this role.

Job Qualifications:

Bachelor's degree (BA/BS) in a related discipline, or 4 additional years of related experience, required A minimum of 6 years of experience in infosec roles that provide a background in IT areas such as software development, infrastructure, operations, and incident response, is required Understanding of Artificial Intelligence (AI) concepts, including their applications, risks, and implications within cybersecurity environments A Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification, is preferred Proven experience managing a SOC and implementing vulnerability management, and DLP Strong knowledge of cybersecurity technologies, MDR, EDR, SIEM, SOAR, Vulnerability Management tools and best practices Thorough understanding of SOX, CCPA, PCI, NIST, and CIS18 Previous experience in SaaS-heavy environments and vendor management Deep experience with risk management, threat modeling, and vulnerability assessment Can lead without authority. Ability to lead, mentor, and develop a high-performing cybersecurity team, fostering a collaborative and growth-oriented environment Expertise in managing high-pressure, time-sensitive incidents and making quick, informed decisions under stress In-depth knowledge of current and emerging cyber threats, with the ability to apply advanced detection methodologies to stay ahead of risks Familiarity with cloud security frameworks, controls, and best practices for securing cloud environments (e.g., AWS, Azure, Google Cloud)

Location Requirement:

This role is located in Tempe, Arizona. This position is required to be in office 4 days per week (Mon-Thurs); Fridays are optional remote work days. Key Result Areas (KRAs): Design workflow and processes for Security Operations Center (SOC): Manage and optimize the day-to-day operations and tools of the SOC, ensuring effective monitoring, detection, and response to security incidents. Develop and implement SOC processes and procedures to improve efficiency and effectiveness with increased focus on new capabilities and advanced threat detection.

Incident Response:

Oversee the incident response process, ensuring rapid identification, containment, eradication, and recovery from security incidents. Conduct post-incident reviews and implement lessons learned to enhance security measures. Partners with IT and GRC teams to maintain readiness, incident response plans, to include building playbooks and conducting simulations ensuring preparedness across the organization.

Vulnerability Management:

Lead the vulnerability management program, including vulnerability assessments, prioritization, and remediation strategies. Collaborate with IT and development teams to ensure timely patching and vulnerability mitigation. Establish metrics on the status of the program and inform leadership on areas for opportunity. Data Loss Prevention (DLP): Oversee the DLP strategy, ensuring the protection of sensitive data across all platforms and preventing unauthorized access or data exfiltration. Conduct regular audits and assessments to evaluate DLP effectiveness and compliance. AI-Driven Security Strategy & Risk Management Define and drive key results related to Artificial Intelligence adoption and governance within cybersecurity, including evaluating AI-driven security tools, understanding AI-enabled threat vectors, and ensuring secure, responsible use of AI across security operations. Support the growth of the infosec team while operationalizing cybersecurity initiatives to highlight improvements in posture: Evangelize scorecards against NIST and CIS standards to track the improvement of security across programs. Foster team mentality centered around business benefits from security initiatives. Actively participate in hiring processes and onboarding of new employees and vendors. Plan, assign and support workloads for direct reports. Grow and mentor security talent. Set reasonable stretch performance goals, provide balanced, regular performance feedback, and conduct tri-annual performance reviews. Recognize and reward performance excellence. Provide leadership, direction, and training to improve information security awareness. Other duties as assigned

Skills:

Change Management Project Management Business Plan Development Using data to make decisions

Communication Critical Problem Solving Delegation Physical Requirements:

In-Office Environment:

Must be able to work in a busy, crowded, and loud office with frequent distractions and interruptions Must be able to collaborate in-person with occasional impromptu in-person meetings

Office Conditions:

Adaptability to typical office conditions, which may include exposure to air conditioning, heating, artificial lighting, and varying noise levels

Mobility:

Ability to sit, stand, reach, twist, stretch, and work at a desk for long stretches. Must be able to occasionally move or lift office items up to 25 pounds

Hearing Requirements:

Hearing must be sufficient or correctable to ensure clear understanding of spoken information, including participating in virtual meetings and phone calls. Use of hearing aids or other assistive devices is acceptable if needed.

Reading and Writing Proficiency:

Ability to read and write in English is essential for processing documents, drafting reports, and following up on necessary actions. Proficiency in written communication is required to handle job-related tasks effectively.

Vision Requirements:

Vision must be adequate or correctable to perform essential job duties, such as reading documents on a computer screen and using other visual tools. Use of corrective lenses or other measures to meet visual requirements is expected if needed.

Technology Proficiency:

Must be proficient in operating a computer and other office productivity tools such as printers, scanners, and collaboration software.

Effective Communication:

Must possess strong verbal and written communication skills to interact effectively with team members, clients, and other stakeholders via email, video conferencing, and other in office communication tools.

Compensation:

DOE If you like wild growth and working in a unique and fun environment, surrounded by positive community, you'll enjoy your career with us! Dutch Bros is a fun-loving, mind blowing company that makes a massive difference one cup at a time. We may sell coffee, but we're in the relationship business. We're looking for people who want to have fun, make connections and have a positive influence on communities.