Senior Manager, Cybersecurity - Technology & Engineering



McCormick & Company, Inc., a global leader in the spice, flavor, and seasonings industry, is seeking a full-time Senior Manager, Cybersecurity - Technology & Engineering. The Senior Manager, Cybersecurity - Technology & Engineering will report to the Director, IT Operations Technology. This new hire will work at McCormick's global headquarters in Hunt Valley, MD and will be eligible to participate in McCormick's hybrid work program (50% onsite and 50% remote per month). 


McCormick & Company, Incorporated is a global leader in flavor with approximately 14,000 employees worldwide. With over $6 billion in annual sales across 160 countries and territories, we manufacture, market, and distribute spices, seasoning mixes, condiments, and other flavorful products to the entire food industry including e-commerce, retail, food manufacturers and foodservice businesses. Our most popular brands include McCormick, French's, Frank's RedHot, Stubb's, OLD BAY, Lawry's, Zatarain's, Ducros, Vahiné, Cholula, Schwartz, Kamis, DaQiao, Club House, Aeroplane, and Gourmet Garden. Every day, no matter where or what you eat or drink, you can enjoy food flavored by McCormick. Our Purpose is "To Stand Together for the Future of Flavor and our Vision is "A World United by Flavor—where healthy, sustainable and delicious go hand in hand."


As a company recognized for its exceptional commitment to employees, McCormick offers a wide variety of benefits, programs, and services. Benefits include, but are not limited to, tuition assistance, medical, dental, vision, disability, group life insurance, 401(k), profit sharing, paid holidays, and vacations.





The Senior Manager, Cybersecurity – Technology and Engineering leads a global team providing network, cloud, Operational Technology (OT), engineering and operations security functions. They align with defined policies, standards to ensure McCormick’s digital asset protection globally and are responsible for the creation, tracking and trending of performance metrics of the services delivered under their remit as directed by the Director of IT/OT Security.  The Cybersecurity Senior Manager ensures the security and availability of McCormick's information assets and IT services through leadership of one or more core functions of the NIST Cybersecurity Framework including Identify, Protect, Detect, Respond and Recover. Requiring a high degree of technical expertise and the ability to effectively assess cyber threats and risks both at a technical level and at an enterprise level, the Sr. Manager makes timely decisions regarding the prioritization of cybersecurity capability investments and the selection, design and implementation of business appropriate, highly complex technology solutions and controls. Decisiveness is required on a regular basis, many times under highly stressful conditions, to effectively respond to rapidly changing external conditions that could quickly threaten McCormick's ability to conduct business. The nature of cyberthreats could cause an enterprise-jeopardizing situation to manifest itself within a matter of minutes or hours with no advance warning. In several cases each year, this level of rapid decision-making ability is required during situations where McCormick's information assets, IT services and networks are under active attack by malicious cyber threat actors and hackers. The Sr Manager must establish and execute against a strategic plan that achieves the optimal balance of Identifying, Protecting, Detecting, Responding and Recovering regarding McCormick's information assets and IT services. This position is responsible for the direct management of a global team including highly technical internal resources and third parties.




Operations - ITSM, Security IR & On-Call

  • Manage the technical and functional delivery of Security Services according to established ITSM SLAs, processes, and practices.
  • Manage team resources to provide 24x7 support for priority incidents and projects that may require after hours work. Provide an escalation point for critical and urgent items and redirect or engage others as needed for proper resolution or hand-off.
  • Review, assess and approve change management requests presented by the team and interact with IT and business teams to ensure alignment on risk, impacts and communications as necessary.
  • Promptly report and participate in cybersecurity incidents, tabletop exercises and CSIRT processes.

Projects & Delivery

  • Sponsor, lead, resource manage and at times project manage IT/Security projects.
  • Provide reasonable estimates and forecasts of project resources, infrastructure and/or services as needed to address demands and requirements.
  • Cost effective, timely and agile engineering, design, build and delivery, including the oversight and management of external parties performing this function.


  • Evaluation of internal and external and comparing to internal capabilities resulting in the ultimate assessment of risk. Identification of appropriate mitigating and compensating controls and the development of plans to implement selected controls.
  • Identify operational and security risks during day-to-day activities and during specific, targeted efforts or audits. Make recommendations and/or take action to mitigate these risks as appropriate.


  • Regularly review and actively execute security technologies, infrastructure, systems and processes to ensure compliance to security requirements, separation of duties and other best practices are being followed and where necessary resolve and/or escalate inconsistencies and issues.
  • Maintain, review, and certify any IT and SOX controls as assigned.


  • Development and maintenance of IT Security strategic plan and roadmap to include new solutions/capabilities and solution life cycle events aligned to IT and IT Security vision, program maturity and objectives.
  • Prepare project proposals and contribute to the overall IT Security portfolio and programs.

Team/Personal Management & Development

  • Work within McCormick people management systems and processes to manage employees, including performance management/goals and personnel development.
  • Develop and maintain security relevant skills and knowledge, both technical and non-technical, through training, certifications, and other means for oneself and team. Work with individuals to prepare development plans and facilitate as necessary for completion.
  • Maintain up-to-date knowledge by researching new technologies and software products, participating in educational opportunities and conferences, and reading professional publications.


  • Define, plan and maintain application/system configuration lifecycles. Provide sizing and budget estimations to align with life cycle/renewal schedules.
  • Execute approved plans to budget.

Processes, Capabilities, Solutions and Systems Development

  • Serve as a subject matter expert to the business stakeholders, understanding their core business processes and business priorities which can be enhanced using technology solutions.
  • Identification of the policies, standards and controls required to effectively manage the access to the Company’s information assets and IT Services.
  • Vendor evaluation and selection and development of strategic alliances with 3rd parties.
  • Establishes standard engineering and operational processes.



  • Bachelor's degree in Information Technology, Computer Science or relevant field.
  • Certified Information Systems Security Professional (CISSP) and at least two of the preferred qualifications or equivalent certifications
  • 10+ years experience in information technology with increasing responsibility with 5+ years recently in a network-based, OT, or security engineering function. 8+ years of proven leadership experience with 6+ years experience managing large cross-functional teams which responsibility included resource planning and prioritization, performance management and talent development.
  • Experience with architecture and implementations of IT and/or IT/OT security solutions.
  • Proven ability to drive security processes, remediation, and standards within a complex business environment while maintaining continuity of business operations.
  • Comprehensive technical knowledge of all areas of IT plus a comprehensive understanding of all business functions and how their processes and resources interact is required.
  • Strong understanding of the CPG and Food Manufacturing industries and commercial awareness is required to understand the relative positioning of the company’s products and services versus the competition and to gain an understanding of the Corporation's tolerance for risk.
  • Broad and comprehensive knowledge of cybersecurity capabilities is required



  • MBA or Masters in Computer Science, Information Governance, Engineering, Business Management or related field
  • Certified Identity and Access Manager (CIAM), Certified Identity Management Professional (CIMP), Certified Ethical Hacker (CEH), Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), CIP (Certified Information Professional), CompTIA Security+, SANS GIAC Security Essentials, Certified in Risk and Information Systems Control (CRISC), Cloud Certification (AWS, GCP, Azure),
  • Certificate of Cloud Security Knowledge (CCSK), Offensive Security Certified Professional (OCSP), ITIL, or other relevant security certification
  • 3+ years public cloud IaaS experience (Azure, GCP and/or AWS)







McCormick & Company is an equal opportunity/affirmative action employer.  All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.


As a general policy, McCormick does not offer employment visa sponsorships upon hire or in the future. 


United by flavor. Driven by results.

As a McCormick employee you’ll be empowered to focus on more than your individual responsibilities. You’ll have the opportunity to be part of something bigger than yourself—to have a say in where the company is going and how it’s growing.

Between our passion for flavor, our 130-year history of leadership and integrity, the competitive and comprehensive benefits we offer, and our culture, which is built on respect and opportunities for growth, there are many reasons to join us at McCormick.

Nearest Major Market: Baltimore