Manager, Information Security

Our vision at Petco is Healthier Pets. Happier People. Better World. We're making things better for pets, people, and the planet through our Think Adoption First philosophy, the Petco Foundation and other important initiatives that focus on putting animals first, educating pet parents and reducing our carbon footprint. The journey starts with knowledgeable, passionately engaged associates who are proud to recommend Petco as a place to work, who believe in our Vision and who are committed to delivering a superior customer experience. From our retail stores and our network of Distribution Centers to our Corporate offices, you'll work with others who share your values and commitment. We seek individuals who are passionate about animal welfare, have great people skills and are driven to grow and advance in their careers with us. Our ongoing growth is creating exceptional opportunities for professional development and personal enrichment throughout our organization. About The Role We're seeking a hands-on Security Operations Manager to lead security monitoring, incident response, and platform engineering for our retail, corporate, and ecommerce operations. This is a player-coach role requiring deep technical execution (60-70% of time) and team leadership. This position owns our 24/7 security operations capability, manages core security platforms, leads incident response efforts, and drives critical security engineering projects to completion. The role works closely with our external managed security service provider (MSSP) and serves as the technical escalation point for security events affecting stores, ecommerce platform, distribution centers, and corporate infrastructure. Based in Mexico, supporting North American operations. Hybrid work arrangement preferred in Querétaro. Fully remote within Mexico will be considered for exceptional candidates. What You'll Do Incident Response & Threat Management Lead real-time response to security incidents, making containment and remediation decisions that minimize business impact Manage escalations from our MSSP and make rapid triage decisions on security alerts Conduct post-incident reviews and drive remediation of root causes Develop and maintain incident response runbooks, playbooks, and procedures Security Platform Engineering & Architecture Own architecture, deployment, and optimization of security operations stack including SIEM, EDR, NDR, SOAR, and related detection/response platforms Drive complex security engineering projects from conception through production deployment, including enterprise-scale initiatives like secure web gateway deployments, network security architecture, and cloud security tooling Develop detection rules, automation workflows, and integrations to improve mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) Design and implement security solutions protecting network infrastructure, cloud environments, and data across retail locations, corporate, and ecommerce operations Troubleshoot complex security platform issues and optimize configurations for performance and efficacy Vendor & Partner Management Serve as primary technical liaison with our managed security service provider, managing SLAs, escalations, and service quality Evaluate and onboard new security technologies and services Coordinate with networking, cloud, and infrastructure teams on security architecture decisions Team Leadership & Development Directly manage and mentor a team of 3 security professionals Provide technical direction, skill development, and career coaching Build team capabilities in key areas like cloud security incident response Maintain on-call rotation and ensure team readiness for 24/7 incident response Set clear performance expectations and deliver regular feedback Required Qualifications 5+ years hands-on information security experience with at least 3 years focused on security operations, incident response, or security engineering 2+ years people management experience leading security analysts or engineers Proven track record executing complex security platform or infrastructure deployments from start to finish Hands-on technical expertise with at least 3 of the following platform categories: SIEM platforms (e.g., Splunk, Microsoft Sentinel, Chronicle, Elastic, Sumo Logic, DataDog) Endpoint Detection & Response / EDR (e.g., CrowdStrike, SentinelOne, Microsoft Defender, Carbon Black) Network Detection & Response / NDR (e.g., ExtraHop, Vectra, Darktrace, Corelight) Security Orchestration, Automation & Response / SOAR platforms Secure Web Gateways, Cloud Access Security Brokers, or Zero Trust Network Access solutions Next-Generation Firewalls, IDS/IPS, or Network Access Control systems Direct experience leading or participating in security incident investigations, containment, and remediation Strong enterprise networking knowledge including network architecture, routing/switching, and SD-WAN Excellent English communication skills (written and verbal) for coordination with US-based teams, vendors, and stakeholders Spanish proficiency for team communication and local stakeholder engagement Previous experience working in or supporting US-based organizations Strongly Preferred Experience with secure web gateway or SASE solutions (e.g., Zscaler, Netskope, Palo Alto Prisma Access) Cloud security experience (AWS, Azure, GCP) including security tooling, architecture, and incident response Scripting and automation skills (Python, PowerShell, Bash) for security tooling and response automation Security certifications (CISSP, GCIH, GCIA, GMON, GNFA, CISM) Experience with PCI-DSS, SOC 2, or ISO 27001 compliance frameworks Experience managing relationships with MSSPs or managed detection and response providers Retail or ecommerce security experience What Makes You Successful In This Role Execute technical projects independently without extensive oversight Comfortable working hands-on with security platforms while developing team capabilities Take ownership when projects stall or incidents occur Anticipate dependencies and blockers, solving problems proactively Translate technical security concepts effectively for both technical and non-technical audiences Work effectively with or without dedicated project management support Education Bachelor's degree in Computer Science, Information Security, Information Technology, or related technical field preferred. Equivalent hands-on experience will be considered.