Sr. Manager of Vulnerability Management & Assurance

About LS&Co.

We believethat clothes - and how you make them - can make a difference. Since 1853, we've beenpassionate aboutinnovation to meet people's needs. We invented the first blue jean. And we reinvented khaki pants. We pioneered labor and environmental guidelines for our manufacturing partners. And wework to buildsustainability into everything we do.

A company doesn't last 171 years by standing still. It endures by reinventing itself,striving to delightits consumers, winning in the marketplace, and byremaining true to its values. We employ more than 17,000 people around the world - supporting great brands, including Levi's, Beyond Yoga, and Dockers. Our employees are committed to progress, authenticity, andcollaboration.

Overview

The Sr. Manager of Vulnerability Management & Assurance plays an integral role in the protection of the brand and works directly with the Director of CyberFusion Center and the broader Global Information Security (GIS) team to design, implement and operate the vulnerability management strategy, priorities, and directives consistent with the vision of the CISO across Levi Strauss & Company globally.

The Sr. Manager of Vulnerability Management & Assurance will take a lead role in safeguarding LS&Co.'s information and technology assets, critical suppliers, and consumers against the evolving threat landscape, allowing LS&Co. to make threat informed cybersecurity decisions to strengthen LS&Co.'s cybersecurity posture.

This position will lead LS&Co's Vulnerability Management program and is responsible for implementation and operation of VM tools and processes that identify and communicate patch status and risks of systems and applications across the enterprise. The position will also manage SAP security and assessment tools.

Position Summary:

The Sr. Manager of Vulnerability Management & Assurance will be responsible for the following activities and functions:

• Coordinating the development and operational processes of the Vulnerability Management program, including systems, networks, and applications. This will include patch remediation, inventory, and Risk management.
• Assists in the detection, containment and analysis of information security incidents and events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.
• Develop, implement, and operate Attack Surface Management program to reduce exposure and improve overall security posture.
• Liaises with other security practitioners, and technology leaders to share best practices and insights.
• Drive continuous and proactive assessment processes that alert LS&Co to potential or actual cybersecurity vulnerabilities involving systems, critical assets, or applications.
• Manage and improve Onapsis SAP security and assessment system.
• Develop and maintain TVM and remediation metrics to guide efforts and allocate resources in improving security posture.
• Work with intelligence partners to research and monitor relative and pertinent advanced persistent threats, underground forums, chat channels, and social media, threat actors impactful to LS&Co.
• Encourage cross-functional collaboration and knowledge sharing among team members to enhance problem-solving capabilities and promote a culture of continuous learning.
• Provide mentorship and support to team members, facilitating their career development and advancement within the organization.
• Lead the recruitment, onboarding, and retention of top talent within the department, ensuring a high-performing team capable of meeting organizational objectives.

Requirements

This opportunity requires broad technical skills and experience related to information security strategy planning, threat intelligence techniques and incident response processes for a global organization. To be successful in this position, the candidate must have the following skills and qualifications.

• Detailed knowledge of all aspects of Vulnerability Management processes, tools, metrics, and reporting
• Experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations, digital forensics, and incident response.
• Comprehensive experience with all aspects of ERP Vulnerability Management and security and associated tools and processes.
• An understanding of the MITRE ATT&CK Framework, stages of an attack and sub-techniques. Ability to identify tactics, techniques, and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks.
• Experience in Attack Surface Management (ASM) tools and implementation
• Ability to understand and articulate complex vulnerability information to both technical and non-technical audience.
• Experience performing basic scripting tasks using only what is found in the environment, such as BASH, PowerShell, Python, Perl, or other native scripting languages a plus.
• Ability to drive performance and develop teams - recruit diverse talent, run disciplined performance reviews, and regularly collaborate and check-in on priorities to help focus on key results.
• Advanced knowledge of performance metrics and reporting and risk management
• Relevant security expertise and understanding in a broad array of security technology areas including:

• Application Security (S-SDLC, DevSecOps, and Automation)
• Risk, Compliance, and Security Management
• Security Operations and Incident Response
• Data Classification, Encryption, and Protection
• Embedded, Control, and IoT Device Security

• A strong moral compass, high integrity, and accountability are vital to be a successful in this role

Education

• Bachelor's or Master's degree in computer science, information systems, cyber security or a related field; or equivalent professional experience.

• CISSP or equivalent certifications and experience.

We put a lot of thought into our programs to provide you with a benefits package that matters. Whether it is for medical care, taking time off, improving your health or planning for retirement, we've got you covered. Here's a small snapshot:

• 401Kmatch: $1.25 for every $1.00 you contribute up to the first 6% of pay you save.
• Five hours of paid volunteer time per month with nonprofit organizations.
• Product discount of 60% off regular-price merchandise.

The Company'spolicy is to provide equal opportunity to all persons without regard to race, color, creed, religion, national origin, citizenship, sex, age, sexual orientation, gender identity or gender expression, marital status, Vietnam era/disabled veteran status, physical or mental disability, or other protected classes prohibited by applicable law. Company policy prohibits harassment of applicants or employees on the basis of any protected classes.The Company hasestablished a continuing Affirmative Action Program to assure equal employment opportunity in all its policy decisions affecting recruitment, selection, assignment, promotion, training, and all other terms and conditions of employment.

he expected starting salary range for this role is $144,000 to $203,000. We may ultimately pay more or less than the posted range based on the location of the role. The amount a particular employee will earn within the salary range will be based on several factors including, but not limited to, relevant education, qualifications, experience, skills, performance and business needs.

Levi Strauss & Co. (LS&Co.) offers a total rewards package that includes competitive pay, incentive plans, and a wide array of benefits designed to help you and your family stay healthy, meet your financial goals, and balance the demands of your work and personal life. Available benefits vary depending upon the specifics of the role; details relating to a specific role will be made available upon request.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, benefits or other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.