Manager, Information Security – IR & Insider Risk

Position Title

Manager, Information Security – IR & Insider Risk

The Manager, Information Security – IR and Insider Risk leads the Information Security Incident Response team in Information Technology. Victoria’s Secret seeks a highly skilled and collaborative leader with proven incident response handling responsibilities and the ability to build and lead our insider risk team function. Insider risk will require collaboration across multiple business and IT partners (HR, legal, etc.). This role is a critical part of VS&Co’s SOC and real‑time monitoring efforts.

This individual must bring hands‑on incident response and incident commander experience, as well as a solid track record defending enterprise infrastructure and applications. The ideal candidate is a mentor by nature, passionate about uplifting team capabilities, providing a round‑the‑clock protection‑oriented mission, and retaining key talent by building a culture of inclusivity, trust, and technical expertise.

At Victoria’s Secret & Co. you’ll join a world‑leading specialty retail brand recognized globally for innovation and excellence in lingerie and fashion. You’ll work alongside industry leaders to set the standard for what a retail brand can achieve, placing customers at the center of everything we do to create products and experiences that bring them joy.

We believe everyone deserves a place where they truly belong. We celebrate individuality and know that your passion, experience, and unique perspective strengthen our team and business. Here, you’ll be empowered to perform, grow, and engage through unmatched opportunities to develop your skills, gain real‑world experience, and learn from the best in the business.

• Lead the Incident Response team and coach team members through incident response and management.
• Be available 24/7 for on‑call duties in leading incidents that span multiple time zones.
• Establish and lead a dedicated insider risk team, leveraging people, process, and technology to best defend our organization from potential internal threats.
• Hold our incident handlers accountable to following process, documenting process, and conducting thorough cyber investigations to protect VS&Co to its fullest potential.
• Ensure incident handlers have adequate knowledge of the environment they are protecting.
• Participate and help lead technical tabletop exercises for IT and security stakeholders, simulating real‑world attack scenarios.
• Responsible for development of team members in both offensive and defensive security disciplines – driving alignment on technologies and platforms in use at VS&Co.
• Conduct administrative management duties including performance management, talent development and related administrative tasks.
• Develop, tune, and report on KPI’s for our SOC, and insider risk teams.
• Oversee deployment, tuning, and operational use of insider risk technologies (DLP, UEBA, CASB, IAM analytics).

for benefit details related to this position.

Minimum Salary: $

Maximum Salary: $

• 8+ years’ experience in Cybersecurity Technologies
• 3–5 years of experience in incident response handling
• 3–5 years of experience utilizing enterprise security toolsets for investigations and proactive security control enforcement (SIEM, EDR, firewall, WAF, etc.).
• Demonstrated hands‑on expertise and impact in similar roles in fast‑paced, complex environments
• Strong understanding of MITRE ATT&CK framework, threat emulation, and detection engineering.
• Experience utilizing telemetry of all types; including, but not limited to: DLP, UEBA, CASB, IAM toolsets, and cloud service providers (Azure, GCP, AWS).
• Proven leadership or mentoring experience in cybersecurity teams.
• Ability to communicate and engage effectively at all levels of the organization within IT and with non‑IT stakeholders.

• Experience in building purple team programs from the ground up.
• Familiarity with cyber threat intelligence and TTP development.
• Experience managing third parties to help deliver managed bot mitigation and WAF capabilities for web‑based applications.
• Relevant certifications (e.g., CISSP, GCIH, CTIP, SSCP,…