Security Architect & Operations Lead

Company Description

Since 1940, Dairy Queen® has been one of the world’s best known and loved brands. Based in Minneapolis, MN, International Dairy Queen Inc., (IDQ), is the parent company of American Dairy Queen Corporation. As a leading franchisor, there are more than 7,000 independently owned and operated restaurants in the U.S., Canada and more than 20 countries around the world. IDQ is a subsidiary of Berkshire Hathaway Inc. (Berkshire) which is led by Warren Buffett, the legendary investor and CEO of Berkshire.

Here at IDQ, we create extraordinary Fan experiences every day and we do this through our commitment to hiring and retaining only the best in class talent. We firmly believe that our employees are the catalyst to the success of the company where their initiative, strategic thinking, and entrepreneurial spirit are recognized and rewarded. We're looking for motivated, passionate and dedicated individuals with an inherent need and ambition to go after bigger challenges.

Job Description

We have an exciting opportunity for a Security Architect & Operations Lead based out of our corporate office in Bloomington, MN.  The Security Architect & Operations Lead guides a team of engineers, analysts, and key partners to design, implement and operate enterprise-wide, scalable security strategies and solutions, ensuring alignment with business objectives and regulatory requirements while driving innovation and continuous improvement. The position requires strong leadership, hands on technical expertise, and cross-functional collaboration to protect the organization.  This role will serve as a technology owner / subject matter expert for Security protection, incident management, security solutions, and related controls, processes, and policies.  The individual will lead the efforts to review and improve our security posture and operational services related to applications, servers, and endpoints, for both on premise and cloud technologies.  They will also be a mentor and technical resource to IT functional areas, sharing the overall responsibility for securing our systems, day-to-day maintenance and support of the company’s global infrastructure.

Key Accountabilities Include:

Security Engineering & Operations

• Develop, communicate, and execute security strategies for Cybersecurity defense, protection, detection, response, and recovery
• Design, build, deploy and/or operate security solutions to help scale the security program and assist with buildout and management of an overall Security Roadmap
• Build strong stakeholder partnerships across technical and non-technical teams
• Serve as a key security liaison and SME consultant, embedding secure design principles, control framework practices into cross-functional initiatives, projects, and enterprise transformations.
• Develop and maintain security reference architectures, standards, and roadmaps for infrastructure, applications, cloud, and enterprise systems.
• Ensure alignment with enterprise identity strategies and access control frameworks to support secure, scalable, and compliant solutions.
• Assess potential risks with existing and new infrastructure, applications, products and processes, and ensure security is appropriately considered and integrated
• Perform structured security risk assessments/tests to identify, prioritize, and provide recommendations or solutions for issues found
• Provide security requirements and recommend secure practices, threat modeling, and integration of security tools (e.g., SAST, DAST, SIEM) into development pipelines and cloud environments
• Maintain deep knowledge of security principles, frameworks (NIST and regulatory landscapes (PCI, SOX, SOC2).
• Research and understand emerging information security threats and their impact on the business environment
• Recommend new information security systems and controls to mitigate emerging threats and risks across the company
• Automate security controls using tools and scripting, where possible
• Ensure foundational security technologies and controls are in place and drive continuous improvement, including identity and access management, endpoint protection, vulnerability management, application security, cloud, data protection, logging and monitoring, and incident response
• Support and drive utilization of Security monitoring and alerting solutions and key managed security services partners
• Manage relationships with third-party security vendors and improve current security technologies
• Maintain technical documentation for solutions and standard operating procedures such that services are delivered in an efficient and effective manner
• Support and maintenance of IT security components and working to ensure conformity to the standards of operation for the Information Technology Department.
• Key escalation for incidents and Incident Triage Team Lead backup.  This may require response to and coordination of incidents occurring during evening hours and on weekends.  Efforts should include follow-up activities to prevent recurrence of incident using NIST CSF Incident Response practices
• Develop, test, and execute Information Security policy requirements and procedures, including incident response plans, playbooks, and SOP
• Assist with data security, and disaster recovery plans

Service Development and Leadership

• Continually look to improve and refine the Security and infrastructure services delivered to the business, globally
• Help define and meet SLA requirements and best practices for security components and services
• Contribute deep technical skills, and industry experience and best practices to the rest of the team, driving change
• Maintain knowledge of emerging technology
• Technical Lead/Supervisor for high-performing security team, participating in hiring, training, performance management, and career development while developing and tracking metrics to measure security posture and report progress to leadership.

Communication & Collaboration

• Communicate effectively, verbally and in writing with people at all organizational levels
• Work in a team environment making positive contributions to the organization
• Establish and maintain effective relationships with staff members, customers, and vendors
• Other duties as assigned or required

The US national base salary range for this position is $128,841 - $161,052. This position is also eligible for a bonus. The base salary range displayed reflects the targeted hiring range for positions across all US locations. Individual pay is determined by job-related skills, work location and relevant education or experience.

Qualifications

Education/Experience:

• Bachelor’s degree in computer science or related/applicable field(s) is preferred, but not required
• 7+ years of progressive InfoSec experience, including 3+ years in a leadership or management role
• At least one relevant security certification (e.g., CISSP, CISM, or equivalent)
• Strong knowledge of security frameworks such as NIST and ISO 27000 series
• Proven success designing, implementing, or overseeing enterprise-scale security solutions
• Proven experience implementing enterprise security solutions: IAM, SIEM, WAF, CASB, CSPM, CWPP
• Deep expertise in securing cloud architectures (IaaS, PaaS, SaaS)
• Experience developing Zero Trust Architecture and SASE design principles

Skills:

• Strong background in designing and validating security architectures for cloud and on-prem environments
• Ability to lead PoCs, evaluate emerging technologies, and manage security upgrades, decommissions, and modernization roadmaps
• Demonstrated success building reference architectures, standards, and roadmaps
• Skilled in collaborating with architects/engineers to embed security into solution design
• Experience with cloud orchestration, automation, and security configuration management is a plus
• Experience managing cross-functional projects and delivering measurable risk reduction
• Deep experience with Microsoft Administration and Security Platforms, including Microsoft Entra/Active Directory, PowerShell, Defender, Sentinel, Purview, and Graph, in an environment supporting 600+ users and 200+ servers
• The ability to travel as required (<10%)

Additional Information

Benefits

Our benefit package supports the well-being of our employees and their families.  Our comprehensive benefit package includes, medical, dental, 401K match, paid time off (including volunteer time as well as parental leave) and so much more!  To learn more about our great benefit offerings, Click Here.

Work Environment

Most positions located out of our global headquarters in Bloomington, MN will work a hybrid work schedule where you will work 2 collaboration days a week.  Additional in office time may be required to support team/project needs.  Positions will be identified as “remote eligible” when consideration will be given to candidates outside of drivable distance to our Bloomington office.

Inclusion & Belonging

We are committed to creating a culture of inclusion and belonging for all who touch DQ. We believe in and commit to fostering a community where employees bring their authentic selves to work, and where we recruit, engage, and retain employees, franchise owners, and suppliers based on qualifications and merit. We strive to maintain an environment where everyone feels welcome.

IDQ is an Equal Opportunity Employer, and we use E-Verify to confirm the identity and employment eligibility of all new team members. You must be authorized to work in the United States without the need for employer sponsorship.