Sr Mgr, Information Security

The Senior Manager of Information Security Engineering leads all Information Security Engineers and is accountable for the strategy, delivery, reliability, and maturity of the organization's security engineering service areas, processes, and technologies. This role owns the security engineering technical stack and drives continuous improvement across security platforms, tooling, integrations, automation, and engineering standards.

This leader partners closely with Security Operations, Incident Response, Compliance, Infrastructure, Legal, Audit, Risk, and business stakeholders to ensure security capabilities are effectively engineered, maintained, and improved to support the organization's security and regulatory objectives.

Major Tasks, Responsibilities, and Key Accountabilities

Security Engineering Leadership

• Lead, develop, and mentor a team of Information Security Engineers responsible for the design, implementation, administration, and continuous improvement of security technologies and engineering processes.
• Own engineering accountability for security platforms, technical controls, integrations, automation, and supporting processes across the security program.
• Establish and enforce engineering standards for change control, identity hygiene, logging quality, detection reliability, platform resiliency, and operational supportability.
• Provide technical and business leadership that influences strategic planning, architecture decisions, and security roadmap priorities.

Security Technology & Process Ownership

• Oversee the engineering lifecycle for security technologies, including selection support, implementation, optimization, maintenance, upgrades, and retirement.
• Identify tooling gaps, control weaknesses, operational friction points, and process inefficiencies, and drive improvements that increase effectiveness and reduce risk.
• Ensure security technologies are engineered and operated in a scalable, sustainable, and supportable manner.
• Develop and maintain engineering processes, documentation, standards, and playbooks that improve consistency and team effectiveness.

Cross-Functional Partnership

• Partner with Security Operations, Incident Response, and Compliance teams to ensure security controls and technologies effectively support monitoring, investigations, response, evidence collection, and audit readiness.
• Collaborate with Infrastructure, Identity, Legal, Audit, HRIS, PMO, and other cross-functional teams to implement and sustain security requirements in a practical and operationally effective way.
• Translate technical security issues into concise, leadership-level risk and capability narratives to support decision-making and alignment.

Delivery, Metrics, and Continuous Improvement

• Track and use meaningful engineering and operational metrics to demonstrate effectiveness, service quality, platform health, and improvement opportunities.
• Balance unplanned, high-priority operational engineering work with delivery of roadmap commitments and strategic initiatives.
• Drive maturity in engineering-related processes such as logging governance, access review enablement, platform administration, security automation, and control reliability.

People Leadership

• Select, develop, motivate, and retain a high-performing team of security engineers.
• Coach engineers through technical escalations, complex problem-solving, and high-pressure operational events.
• Foster a culture of accountability, collaboration, operational excellence, and continuous improvement.

• Bachelor's degree in computer science, Information Technology, Information Security, or related field, or equivalent relevant experience.
• 10+ years of progressive experience in information security, with significant focus on security engineering, security technologies, and operational enablement.
• Proven experience leading a security engineering team responsible for enterprise security tooling and technical controls.
• Strong leadership and people management skills, with experience developing and coaching teams of security professionals.
• In-depth knowledge of security technologies and controls such as network security, endpoint protection, identity and access security, privileged access concepts, logging and monitoring platforms, and security automation.
• Demonstrated success maturing engineering-related security processes such as log governance, access review enablement, detection reliability, control administration, and audit support.
• Ability to prioritize urgent operational work while continuing to deliver planned roadmap initiatives.
• Strong capability in translating technical security issues into concise, leadership-level communications and recommendations.
• Experience working cross-functionally with Legal, Audit, Infrastructure, HRIS, PMO, and other enterprise stakeholders.
• Familiarity with regulatory and control frameworks such as PCI, SOX, CCPA, and NIST 800-53.
• Excellent verbal and written communication skills, including the ability to communicate complex technical topics to non-technical stakeholders.
• Relevant certifications such as CISSP, CISM, or CISA are a plus.

Based in St. Louis, Core & Main is a leader in advancing reliable infrastructure with local service, nationwide. As a specialty distributor with a focus on water, wastewater, storm drainage and fire protection products and related services, Core & Main provides solutions to municipalities, private water companies and professional contractors across municipal, non-residential and residential end markets, nationwide. With over 370 locations across the U.S., the company provides its customers local expertise backed by a national supply chain. Core & Main's 5,700 associates are committed to helping their communities thrive with safe and reliable infrastructure. Visit coreandmain.com to learn more.