IT Operations & Security Manager
Description
IT Operations & Security Manager
If you are looking for a life-changing career opportunity, we've got your prescription. Rodan + Fields is a female-founded skincare and haircare company launched in 2008 by Stanford-trained dermatologists Dr. Katie Rodan and Dr. Kathy Fields with the mission of delivering proven results through science-backed, dermatologist-created products. Rodan + Fields is proud of its track record of providing confidence to millions through regimen-based skincare and haircare products, award-winning innovation, and global community of passionate brand advocates.
At Rodan + Fields, you will be challenged to make an impact, inspired to do more, and rewarded for your contributions. We are transforming skincare, and we welcome your big ideas to fuel our ambitious growth plans! You’ll become part of a positive, passionate, and purpose-driven company that is committed to putting people first and protecting our planet. Our 2025 Do Good commitment outlines the actions we are taking to invest in our global communities, support our people and preserve our planet. We provide a creative, vibrant workplace outfitted with all the technology, tools and training you'll need to learn, grow, and thrive!
Join us and share your talents as we develop innovative solutions to give all people the best skin and hair of their lives. In addition to working arm-in-arm with industry leaders, employees at Rodan + Fields enjoy rich benefit plans, tuition reimbursement, a flexible workplace, and perks.
Overview
We’re seeking an experienced IT Operations & Security Manager / Sr. Manager to lead our infrastructure, cloud, and cybersecurity initiatives. This role combines hands-on technical management with strategic oversight, ensuring our systems remain reliable, secure, and compliant. You’ll oversee IT operations across on-premises and cloud environments (GCP), manage a small technical team, and collaborate with business leaders to align technology with organizational goals.
This role also plays a key part in enabling and governing AI capabilities across the organization, including Microsoft Copilot and other AI-assisted productivity and automation tools—balancing innovation with strong security, privacy, and compliance controls.
Key Responsibilities
- Supervise and mentor IT Helpdesk Technicians and System Administrators.
- Oversee day-to-day IT operations, ticketing workflows, and SLAs.
- Foster a culture of accountability, collaboration, and continuous improvement.
- Partner with Legal and the VP of Technology to define and execute the organization’s security, privacy, and AI governance strategy, including CCPA, global privacy, PCI compliance, and data protection initiatives.
- Participate in change management processes and provide infrastructure input.
- Plan and manage IT budgets, vendor relationships, and hardware/software procurement.
- Maintain documentation for systems, procedures, configurations, and AI enablement standards.
Infrastructure & Cloud Management
- Manage GCP environments, including firewall policies, network configurations, and IAM permissions.
- Automate provisioning and infrastructure lifecycle through Terraform and Bitbucket.
- Administer compute instances, load balancing, routing (BGP), VPNs, and peering.
- Manage access and data security for GCP storage buckets, projects, and folders.
- Oversee hybrid network connectivity between office sites and GCP.
- Monitor performance and health using SolarWinds and related tools.
- Support the secure integration of AI tools and APIs into cloud and enterprise systems, ensuring data classification and access controls are properly applied.
Networking & Systems Administration
- Manage LAN/WAN architecture, routers, firewalls, switches, and VPNs (Fortigate, Aruba, Extreme).
- Oversee DNS, DHCP, and NPS services, ensuring reliable internal/external resolution.
- Administer wireless networks via Aruba Central.
- Maintain Windows and Linux servers across environments.
- Oversee backups (Veeam), file and print services, and server/storage configurations.
- Manage external DNS platforms (Safenames, DNS Made Easy).
- Support third-level escalations for infrastructure and application issues.
- Ensure proper integration and security of AI-based monitoring, automation, and Copilot capabilities across systems.
Identity & Access Management
- Oversee Active Directory, Group Policy, and authentication infrastructure.
- Manage Entra ID, Intune, and Kandji integrations for identity and device management.
- Administer user and service account permissions across systems.
- Enforce least-privilege and zero-trust access policies.
- Implement governance and access controls for AI tools, including Microsoft Copilot, to ensure data protection and responsible use of AI-assisted features.
Security & Compliance
- Define, implement, and continuously improve the company’s cybersecurity and compliance program.
- Partner with Legal and the VP of Technology to develop and maintain the enterprise security, privacy, and AI governance strategy, covering CCPA, global privacy, PCI compliance, data security, and responsible AI usage.
- Conduct vendor risk assessments and manage third-party security reviews, including those for AI-enabled platforms.
- Lead compliance audits and ensure adherence to internal and external regulatory requirements.
- Develop and enforce cybersecurity standards, governance, and operational controls.
- Lead risk assessments, vulnerability management, and penetration testing.
- Oversee incident response, root-cause analysis, and threat mitigation.
- Manage certificates, Root CA, and CRL for internal and external systems.
- Maintain and optimize firewall rules, IDS/IPS, and network security configurations.
- Monitor global and regional security risks and adjust defensive strategies.
- Establish guardrails for AI usage, including prompt governance, data retention, and monitoring of AI-driven outputs to prevent data leakage or bias.
Security Tools & Platforms -Manage and integrate tools such as:
- Endpoint & patching: Tanium, WSUS, Linux repos
- Identity & access: Entra ID, Intune, Kandji
- Network & monitoring: SolarWinds, FortiGate, Aruba
- Backup & recovery: Veeam, Druva
- Vulnerability & threat management: Tenable, Proofpoint, Defender, LMNTRIX
- Cloud & CDN: Akamai, GCP, Terraform
- Code quality & governance: SonarQube, Panorays
- Collaboration & SaaS: O365, Teams, SharePoint, Box, Microsoft Copilot
- AI & Automation: Microsoft Copilot, GCP AI tools, and related responsible AI governance frameworks
Qualifications
- Requires a bachelor’s degree and a minimum of 5-7 years related experience with 1-3 years management experience.
- Infrastructure and cybersecurity experience in a mid-size enterprise (200+ employees).
- Proven leadership in managing IT operations or security engineering teams.
- Strong knowledge and experience in implementing Microsoft E5 platforms including SharePoint and Copilot integrations.
- Strong background in privacy compliance (CCPA, PCI, GDPR) and risk management.
- Deep knowledge of networking, routing/switching, VPNs, and cloud security (GCP).
- Hands-on expertise with infrastructure automation, patching, and monitoring tools.
- Experience conducting vendor risk assessments and compliance audits.
- Familiarity with AI tools, Copilot administration, and securing AI integrations in enterprise environments.
- Excellent communication and analytical skills; able to translate technical risk for business leaders.
- Bachelor’s degree in computer science, Information Systems, or related field.
- Preferred certifications: Microsoft (MCSE, MCSA, MCITP), GCP, CISSP, CISM, or equivalent.