Principal, Cyber Security
HybridEducationFull-time
Job Summary
The Cyber Security Principal reports to the Senior Manager of Security Operations and serves as a senior technical leader within the Newell Brands information security program. This role is the primary Incident Commander for the Cyber Security Incident Response Plan (CSIRP) — owning end-to-end response coordination for high-severity and critical security incidents across Newell’s global environment.
Key Responsibilities
Incident Command & Response
- Serve as primary Incident Commander in accordance with the Newell Brands CSIRP, leading response activities across all CSIRT functional teams for high-severity and critical incidents.
- Make and communicate time-sensitive decisions to contain incidents, prevent escalation and restore normal operations as quickly and efficiently as possible.
- Coordinate response activities across Security Operations, IT, Legal, HR, Corporate Communications, Privacy and other cross-functional teams, ensuring alignment with CSIRP priorities.
- Partner with the CISO to brief executive leadership, the Information Security Governance Committee, and other key stakeholders on incident status, business impact and response actions.
- Determine when to activate external IR retainer resources, manage those vendor relationships throughout an engagement, and ensure evidentiary integrity.
- Lead post-incident reviews and after-action analysis; document findings and drive implementation of corrective actions to reduce recurrence.
- Maintain and continuously improve CSIRP documentation, incident runbooks and playbooks; conduct tabletop exercises and simulation drills at least annually.
Security Engineering & Control Improvement
- Develop and recommend security control improvements based on incident findings, threat intelligence and gap assessments across endpoint, network, identity and cloud environments.
- Design, build and maintain detection engineering content — SIEM correlation rules, behavioral analytics and custom signatures — to improve fidelity and reduce mean time to detect.
- Lead automation initiatives across Security Operations workflows including alert triage, enrichment, containment actions and case management integrations (SOAR/XSOAR or equivalent).
- Evaluate emerging security technologies and make evidence-based recommendations for tooling investments that improve detection and response capabilities.
- Collaborate with IT and infrastructure teams to validate that security controls are implemented correctly and test them through adversary simulation and purple team activities.
Security Operation
- Provide senior-level oversight and mentorship to SOC analysts, elevating investigation quality and analyst skill development across the team.
- Support Threat and Vulnerability Management, monitoring and alerting functions, ensuring operational coverage and response readiness across global time zones.
- Maintain an in-depth understanding of Newell Brands’ current and forward-looking threat profile relevant to a global consumer goods company.
- Own the development and maintenance of KPIs and metrics that demonstrate measurable improvement in Security Operations maturity and risk reduction.
- Develop and maintain trusted relationships with stakeholders across IT, Legal, HR, Privacy, Ethics and business unit leadership.
- Regularly engage the information security community to identify emerging threats, intelligence and techniques that may impact Newell Brands.
Education
Bachelor’s degree in Information Security, Computer Science, Information Management Systems or a related field required.
Required Qualification
- 10+ years of experience in cyber security required, with a minimum of 5 years in a dedicated Incident Response or Security Operations role.
- Demonstrated experience serving as an Incident Commander or leading response efforts for high-severity incidents (ransomware, data breach, nation-state intrusion or equivalent).
- Proven experience managing cross-functional response teams under pressure, including coordination with Legal, Communications and executive stakeholders.
- Experience managing and directing external IR retainer engagements and third-party forensic vendors.
- Hands-on expertise with endpoint and network-based forensic investigation, malware analysis and log-based intrusion analysis.
- Practical security engineering experience: SIEM detection content development, SOAR playbook authoring and security automation scripting (Python, PowerShell or equivalent).
- Demonstrated ability to provide security control recommendations and architecture guidance across endpoint, network, cloud (Azure, M365) and identity environments.
- Strong knowledge of network protocols, OS internals and application-layer vulnerabilities, along with corresponding risk mitigations.
- Prior experience in a Fortune 500 or complex global enterprise environment preferred.
Preferred Qualifications
One or more of the following certifications or similar:
- GIAC Certified Incident Handler (GCIH)
- BTL2 (Security Blue Team Level 2)
- OffSec Defense Analyst (OSDA)
- Certified Information Systems Security Professional (CISSP)