Senior Manager IT - Security Operation

Join Reynolds Consumer Products
…and Drive Your Career across a world of opportunities! We provide amazing job opportunities for growth with competitive salaries and benefits in an exciting, dynamic, fast-paced, and fun workplace environment. If you are looking to build a strong career, we have an opportunity for you! We are searching for a Senior IT Manager - Security Operations to join our team located at our headquarters in Lake Forest, IL.

The Senior IT Manager - Security Operations will report directly to the RCP Senior Director of Information Security and is responsible for overseeing, maturing, and operating the end‑to‑end Cyber Defense function for Reynolds Consumer Products. In this leadership role, you will direct the strategy, people, processes, and technologies responsible for threat detection, incident response, cyber threat intelligence, and security monitoring across on‑premises, cloud, SaaS, and OT environments.

You will manage internal Cyber Defense analysts while governing our managed security service providers to ensure 24×7 protection, rapid response, reliable detection content, and continuous improvement of defensive capabilities. This role requires strong technical depth, excellent leadership presence, and the ability to drive measurable security outcomes across a highly distributed enterprise. You will partner closely with Infrastructure, Networking, Cloud, IAM, Applications, and business stakeholders to ensure our cyber defense posture meets industry standards and supports RCP’s strategic goals.

• Develop and execute RCP’s Cyber Defense strategy covering detection, response, threat hunting, threat intelligence, cloud/identity security, and network/endpoint telemetry.
• Build and maintain a multi‑year roadmap for capabilities, tooling, automation, and maturity evolution.
• Establish measurable goals, KPIs, and operational metrics for the Cyber Defense program.

• Lead, mentor, and develop Cyber Defense analysts and engineers.
• Oversee team performance, coaching, workload balance, career development, and succession planning.
• Build a strong culture of operational excellence, readiness, and continuous learning.

• Own the full lifecycle of detection engineering: backlog management, design, development, testing, deployment, tuning, and retirement of use cases.
• Maintain detection coverage mapped to frameworks such as MITRE ATT&CK, NIST CSF, and relevant threat models.
• Ensure onboarding, validation, and maintenance of log sources for SIEM, EDR, cloud, identity, network, OT, and SaaS platforms.
• Drive quality of alerts through false‑positive reduction, noise suppression, and telemetry enrichment.

• Serve as Incident Commander for high‑severity cyber incidents, directing technical response, triage, containment, and eradication activities.
• Lead executive communications, regulatory notifications (as needed), RCAs, and post‑incident remediation governance.
• Ensure IR plans, playbooks, tabletop exercises, and runbooks remain current, tested, and effective.

• Govern managed SOC(s) and related MDR/EDR service providers to ensure SLA/SLO compliance, detection accuracy, timely escalations, and service improvements.
• Lead weekly operational reviews and monthly/quarterly business reviews with MSSP partners.
• Validate tuning, content development, automation, detection gaps, and service recommendations.

• Serve as product owner for SIEM, EDR, SOAR, cloud security monitoring, digital forensics tools, and threat intelligence platforms.

• SIEM operations and architecture
• Endpoint detection and response
• SOAR playbooks and automation
• Cloud and identity security telemetry (Azure, AWS, M365, Entra /PIM)
• OT/ICS visibility tooling
• Lead major platform upgrades, migrations, and evaluations (e.g., SIEM modernization initiatives)

• Oversee development and tuning of detections for cloud workloads, identity…