At CF Industries, our mission is to provide clean energy to feed and fuel the world sustainably. Our employees are focused on safe and reliable operations, environmental stewardship, and disciplined capital and corporate management. By joining CF, you will be part of a team that brings their varied experiences, wide-ranging knowledge and diverse talents together to deliver important work and you’ll be able to pursue complex, exciting opportunities that help you continue to grow and achieve your potential in different areas.  You’ll take pride in working for a company that lives its values and where you can be yourself at work, as part of an authentic team that encourages you to share your views and opinions.  Our eight manufacturing complexes in the United States, Canada, and the United Kingdom, an unparalleled storage, transportation and distribution network in North America, and logistics capabilities enabling a global reach underpin our strategy to leverage our unique capabilities to accelerate the world’s transition to clean energy.

Function:

Information Technology

Job Summary:

The Cybersecurity Manager – Security Operations is responsible for leading the planning, implementation, and ongoing management of the enterprise’s cybersecurity operations, technologies, and processes. This role ensures the effective protection of organizational assets through the continuous monitoring, detection, and response to cybersecurity threats, while maintaining alignment with industry frameworks such as NIST and organizational policies.

Core responsibilities include oversight of cybersecurity operations functions such as security monitoring, threat detection and response, threat hunting, and incident response leadership. The role is accountable for the performance, maturity, and continuous improvement of security operations capabilities across the enterprise.

The Cybersecurity Manager is responsible for managing and optimizing key security technologies and processes, including but not limited to:
• Endpoint Detection and Response (EDR)
• Security Information and Event Management (SIEM)
• Cloud security platforms (e.g., Microsoft Azure security and monitoring capabilities)
• Email security hygiene platforms (e.g., email gateway, phishing protection, and anti-spam solutions)
• Security and threat monitoring solutions
• Incident response program, process and playbook alignment

This position provides leadership and direction to cybersecurity operations personnel and, where applicable, third-party SOC providers, ensuring effective service delivery, operational performance, and adherence to defined SLAs and security standards.

The incumbent serves as a key liaison between IT, security, and business stakeholders, translating security risks into business context and ensuring alignment between cybersecurity operations and organizational objectives.

Job Description:

Major Responsibilities: 

Strategic Planning

• Develop and maintain enterprise security architecture and roadmap

• Contribute to and maintain security policies, standards, and procedures

• Brings current knowledge and a future vision of cybersecurity solutions as related to the Company's business initiatives and the evolving threat landscape

• Collaborate with IT leadership and business stakeholders on security strategy

• Collaborates with Vendors to understand current product offerings and future direction of cybersecurity solutions

• Represents the perspective of the Cybersecurity team as part of a collaborative team of IT Managers when developing the strategic direction for IT

Acquisition & Deployment

• Maintain awareness of emerging threats, vulnerabilities, and technologies

• Evaluate and implement new security tools and enhancements

• Oversee deployment, integration, and configuration of security solutions, initiatives and projects

• Ensure alignment with enterprise standards and best practices

Security Operations Development, Implementation & Support 

• Directs the support of existing systems, ensures that operational problems are solved in a timely fashion and that the technology performance levels meet or exceed the users’ business requirements  

• Directs and coordinates the planning and implementation, including all phases of system design, configuration, programming, installation and operations for (Technology Name Here).

• Ensures IT project management practices are followed to include project management, portfolio management prioritization, enterprise architecture and quality assurance processes. 

• Ensures project deadlines and budget are met  

• Ensure confidentiality, integrity, and availability of enterprise systems and data

• Operate and maintain security technologies across network, endpoint, and cloud environments

• Drive threat-hunting activities daily

• Lead security incident response processes, including investigations and tabletop exercises

• Oversee vulnerability assessments, penetration testing, and audit activities

• Ensure compliance with enterprise security policies and procedures

• Drive high-quality service delivery and timely incident resolution

Organization, Administration and Personnel Management 

• Lead, develop, and manage security operations staff

• Assess, develops, retains, and recruits IT talent that will support the ongoing needs of the business

• Manages and assigns personnel; devises and evaluates the staff's work; and prepares performance evaluations

• Coaches and mentor’s subordinates identifies training needs and recommends development programs.

Supervisory Relationships:

Position reports to the VP, Cybersecurity

Direct Report Positions 

• Supervises security analysts and related technical staff

• May manage supervisors and cross-functional teams

• May oversee contractors and external partners

Incumbent Attributes:

• Education: BS/BA in a related field or equivalent experience typically required to complete all essential job functions. 

• Certification preferred, but not required: CISSP, CISM, GIAC, CIH or, equivalent

• Years of experience: At least 5 years of related professional experience is typically required to complete all essential job functions. Prior experience supervising staff is required.

• Other unique job relevant attributes: Past experience with responsibility for one technology and/or technical function

• Implements new technologies from established vendors

Knowledge & Skills

Strong knowledge of:

• OT network segmentation and visibility aligned to the Purdue Model

• Firewalls, IDS/IPS

• SIEM and security monitoring tools

• Networking (TCP/IP, LAN/WAN)

• Endpoint and data protection technologies

• Experience with NIST-based incident response processes

• Strong analytical, problem-solving, and communication skills

Position Scope/Contribution:

• Breadth of Scope: Scope is typically based on a single functional area or but may manage multiple functional areas. Typically provides broad coordination across functions given the nature of a second level manager. Impact is generally limited to functions managed however may vary based on the specific role.

• Communications and Interpersonal Skills: Regularly communicates both in writing and verbally. Communicates with broad range of contacts. Information exchanged requires advanced knowledge in multiple areas. Moderate influence and persuasion are expected, particularly with regard to subordinates.

• Complexity: Able to solve typical problems that are encountered. Able to diagnose most situations by interpreting data and comparing to similar scenarios. Work involves detailed planning of own activities and immediate work team. May involve resource planning beyond work team. Advanced level of logical reasoning and critical thinking are required.

• Decision Making Authority: Decisions are complex and impact area(s) managed and possibly impact areas not directly managed. More independent judgment is expected and used. Has accountability for the performance and results of a team within own discipline or function. Receives guidance and oversight from manager.

• Financial Accountability: Given the size and scope of the function, revenue and expense are impacted based on the manager’s performance and results of oneself and those managed.

• Strategic Influence: Primarily impacts the execution and achievement of short-term strategies through employees directly and indirectly managed. May also participate in the execution and achievement of long-term strategies. Decisions made are likely to impact the business on a short-term basis.

FMLA:

https://www.dol.gov/whd/regs/compliance/posters/fmlaen.pdf

 

Employee Polygraph Protection Act

https://www.dol.gov/whd/regs/compliance/posters/eppac.pdf

 

• Employees in Canada can learn more about their rights by viewing the “Canadian Human Rights Act”.

 

If you need any assistance seeking a job opportunity at CF Industries, or if you need reasonable accommodation with the application process, please call 847-405-2400 or contact us at [email protected].

JOIN OUR TALENT NETWORK