Head of Attack Surface Management

Posted 3 Hours Ago
Be an Early Applicant
Hiring Remotely in United Kingdom
Remote or Hybrid
Expert/Leader
Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
We're a global snacking company empowering people to snack right.
The Role
Lead and unify attack surface management across CSPM, vulnerability management, offensive security, and application security. Own strategy, tooling, vendor consolidation, executive reporting, and team leadership to deliver continuous visibility, risk-based prioritization, and measurable reduction of enterprise exposure across multi-cloud, manufacturing, and OT/IoT environments.
Summary Generated by Built In
Job Description
Are You Ready to Make It Happen at Mondelēz International?
Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours.
You work with the information security team as a competent and experienced information security and compliance leader.
How you will contribute
You will assess information security risks in line with internal policies and external best practices and determine requirements how to secure Mondelēz International information and IT assets. In addition, you will develop security standards and policies; advise technical teams when developing relevant procedures or have operational security questions; review and consulting them on compliant and effective use of common tools. You will also keep business stakeholders apprised on the overall security and compliance roadmap, provide training on information security to appropriate teams, and develop security strategies, architectures and roadmaps across process and technologies.
What you will bring
A desire to drive your future and accelerate your career. You will bring experience and knowledge in:
  • Information security, compliance and risk management
  • Understanding security solutions and their applicability to Mondelēz International
  • Developing security strategies, awareness campaigns, policies/standards, and governance
  • Communicating effectively with technical specialists, leaders and peers
  • Commercially astute
  • Leadership and people management skills

About the Role
As a Fortune 100 global consumer packaged goods company operating across dozens of markets, our attack surface spans complex multi-cloud environments, global manufacturing and supply chain infrastructure, thousands of applications, and an increasingly interconnected OT/IoT ecosystem. The Head of Attack Surface Management is a critical senior leadership role responsible for unifying our exposure management capabilities into a single, accountable function that delivers continuous visibility, risk-based prioritization, and measurable reduction of our enterprise attack surface.
This leader will own the strategy, execution, and maturation of four integrated disciplines-Cloud Security Posture Management, Vulnerability Management, Offensive Security, and Application Security-ensuring they operate as a cohesive program. The successful candidate will combine deep technical expertise with executive presence, translating complex exposure data into business risk language that drives action at the highest levels of the organization.
This role is an exceptional opportunity to shape and lead a critical security function at one of the world's largest consumer packaged goods companies, protecting a brand portfolio trusted by billions of consumers globally.
Key Responsibilities
Strategic Leadership & Program Ownership
  • Own the end-to-end attack surface management strategy, roadmap, and operating model, aligning priorities to enterprise risk appetite and business objectives across a global CPG environment.

  • Establish unified standards for exposure scoring, risk-based prioritization, and SLA enforcement across all four disciplines.

  • Own the exposure management platform and tooling strategy, including build-vs-buy decisions, vendor consolidation, and integration architecture to deliver a single pane of glass for enterprise risk posture.

  • Build and present executive-level reporting on attack surface risk, remediation velocity, and residual exposure to the CISO, executive leadership, and Board-level audiences.

Cloud Security Posture Management (CSPM)
  • Drive cloud security posture management across multi-cloud environments (AWS, Azure, GCP), including misconfiguration detection, IAM entitlement risk analysis, and policy enforcement at scale.

  • Partner with cloud engineering and DevOps teams to embed preventive guardrails, IaC policies, and automated remediation, operating within the organization's Product and Platform model.

  • Ensure continuous compliance monitoring against regulatory frameworks across all cloud workloads, including containers, serverless, and managed services.

Vulnerability Management
  • Lead enterprise vulnerability management covering infrastructure, endpoints, network devices, and OT/IoT environments across global manufacturing and supply chain operations.

  • Establish and enforce scanning cadence, risk-based patching SLAs, exception governance, and escalation paths for aged or critical findings.

  • Own data quality, asset attribution, and integration between scanning platforms, CMDB, ticketing systems, and risk dashboards.

Offensive Security
  • Direct the offensive security function, including internal red team operations, penetration testing, purple team exercises, and adversary simulation aligned to real-world threat actor TTPs.

  • Ensure offensive findings feed directly into the vulnerability and remediation pipeline with clear SLAs, validating detection and response effectiveness with the SOC and detection engineering teams.

Application Security
  • Own application security across the entire SDLC, including SAST, DAST, SCA, secrets detection, container scanning, IaC security, and API security testing.

  • Partner with engineering and product leadership to embed security into CI/CD pipelines and shift remediation left, aligning AppSec as a platform capability for product teams.

Team Leadership & Vendor Management
  • Build, lead, and develop a high-performing team of managers and senior individual contributors across all four disciplines, including hiring, performance management, and succession planning.

  • Manage vendor relationships and commercial negotiations for scanning, ASM, CSPM, AppSec, and offensive security tooling, driving consolidation and value optimization.

  • Foster a culture of collaboration and continuous improvement, ensuring the team operates as an enabling platform service to internal product and platform partners.

Required Qualifications
  • 12+ years in cybersecurity with progressive leadership experience, including 5+ years managing multi-disciplinary security teams at a senior manager or director level.

  • Demonstrated ownership of at least two of the four core disciplines (CSPM, Vulnerability Management, Offensive Security, Application Security) at a program level-including strategy, budget, staffing, and executive reporting.

  • Experience operating within a Product and Platform operating model, delivering security capabilities as platform services that enable product teams to move fast and securely.

  • Strong working knowledge of cloud architecture and cloud-native security controls across AWS, Azure, and/or GCP in complex multi-cloud environments.

  • Hands-on experience with enterprise vulnerability management platforms (e.g., Tenable, Rapid7, Qualys), CSPM tools (e.g., Wiz, Prisma Cloud, Orca), and AppSec tooling (e.g., Snyk, Checkmarx, Veracode).

  • Familiarity with NIST CSF, MITRE ATT&CK, OWASP Top 10, CIS Controls, and CVE/CVSS/EPSS scoring methodologies.

  • Proven ability to communicate complex technical risk to non-technical executive audiences and drive cross-functional remediation accountability.

  • Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related field-or equivalent professional experience.

  • Relevant certifications preferred: CISSP, OSCP, GPEN, GXPN, CISM, or equivalent.

Preferred Qualifications
  • Experience in a large, global enterprise environment, ideally within CPG, manufacturing, retail, or industries with complex supply chain and OT/IoT environments.

  • Track record of presenting cyber risk posture to executive leadership and Board of Directors, including translating exposure metrics into financial risk quantification.

  • Demonstrated success consolidating fragmented security functions into a unified exposure management program with measurable risk reduction outcomes.

  • Experience with CAASM/EASM platforms and risk-based prioritization frameworks beyond raw CVSS scoring (e.g., EPSS, business context enrichment, asset criticality weighting).

  • Experience operating in regulated environments across SOX, GDPR, FDA, PCI-DSS, or equivalent frameworks.

  • MBA or advanced degree in a relevant field is a plus.

Additional Information
  • Reports To: Chief Information Security Officer (CISO)
  • Work Schedule: standard working hours (Mon-Fri). This is a remote position; candidate must be located in the UK.
  • This is a full-time position with permanent contract.
  • Travel requirements: candidate must have availability for travelling according to business needs.

No Relocation support available
Business Unit Summary
At Mondelēz International, our purpose is to empower people to snack right by offering the right snack, for the right moment, made the right way. That means delivering a broad range of delicious, high-quality snacks that nourish life's moments, made with sustainable ingredients and packaging that consumers can feel good about.
We have a rich portfolio of strong brands globally and locally including many household names such as Oreo, belVita and LU biscuits; Cadbury Dairy Milk, Milka and Toblerone chocolate; Sour Patch Kids candy and Trident gum. We are proud to hold the top position globally in biscuits, chocolate and candy and the second top position in gum.
Our 80,000 makers and bakers are located in more than 80 countries and we sell our products in over 150 countries around the world. Our people are energized for growth and critical to us living our purpose and values. We are a diverse community that can make things happen-and happen fast.
Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Job Type
Regular
Information Security
Technology & Digital

Skills Required

  • 12+ years in cybersecurity with progressive leadership experience
  • 5+ years managing multi-disciplinary security teams at senior manager or director level
  • Ownership of at least two of CSPM, Vulnerability Management, Offensive Security, Application Security at program level
  • Experience operating within a Product and Platform operating model delivering security as platform services
  • Strong working knowledge of cloud architecture and cloud-native security controls across AWS, Azure and/or GCP
  • Hands-on experience with enterprise vulnerability management platforms (e.g., Tenable, Rapid7, Qualys), CSPM tools (e.g., Wiz, Prisma Cloud, Orca), and AppSec tooling (e.g., Snyk, Checkmarx, Veracode)
  • Familiarity with NIST CSF, MITRE ATT&CK, OWASP Top 10 and CVE/CVSS/EPSS scoring methodologies
  • Proven ability to communicate complex technical risk to non-technical executive audiences and drive remediation accountability
  • Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related field, or equivalent professional experience
  • Candidate must be located in the UK (remote role) and able to travel as required
  • Relevant certifications preferred: CISSP, OSCP, GPEN, GXPN, CISM or equivalent
  • Experience in large global enterprise, supply chain/OT/IoT environments, CAASM/EASM, and regulated environments (SOX, GDPR, PCI-DSS, FDA) preferred
  • Track record of presenting cyber risk to executive leadership and Board-level audiences and consolidating security functions

Mondelēz International Compensation & Benefits Highlights

  • Retirement Support The 401(k) program is characterized by strong company matching, with some eligible groups also receiving a base company contribution. Feedback suggests negotiated updates at represented sites have further enhanced retirement features.
  • Healthcare Strength Coverage spans medical, dental, vision, mental‑health resources, life and disability insurance, and tax‑advantaged accounts, supported by wellness and EAP offerings. Onsite or company‑sponsored wellbeing initiatives provide additional day‑to‑day support.
  • Parental & Family Support A published global parental‑leave standard and resources such as lactation/wellness rooms signal structured support for caregivers. Bonding leave for all caregivers and other family‑care supports are highlighted in published materials.

Mondelēz International Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Chicago, IL
90,000 Employees
Year Founded: 2012

What We Do

Mondelēz International, Inc. (NASDAQ: MDLZ) is an American multinational confectionery, food, and beverage company based in Illinois which employs approximately 90,000 individuals around the world. Our Purpose Our purpose is to empower people to snack right. We will lead the future of snacking around the world by offering the right snack, for the right moment, made the right way. Our Brands We’re leading the future of snacking with iconic brands such as Oreo, belVita and LU biscuits; Cadbury Dairy Milk, Milka and Toblerone chocolate; Sour Patch Kids candy and Trident gum. Our People Our 90,000+ colleagues around the world are key to the success of our business. Our Values and Leadership Commitments of Love our Consumers and Brands, Grow Every Day, and Do What's Right shapes our culture – what we believe in, stand for, and what guides our actions and decisions. Great people and great brands. That’s who we are. Our Strategies We are uniquely positioned to lead the future of snacking with strong leadership in our categories, an unparalleled portfolio of global and local brands, and a solid footprint in fast-growing markets. Aimed at delivering sustainable growth, our strategic plan is centered around three strategic priorities: • Growth: accelerate consumer-centric growth • Execution: drive operational excellence • Culture: build a winning growth culture

Why Work With Us

We offer passionate, energetic and curious people a huge choice of careers in our fun, fast-paced, global business. We operate in four regions: Asia, Middle East & Africa; Europe; Latin America; and North America. And in over 80 countries our people are united in a common purpose to empower people to snack right.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Mondelēz International Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

#TeamMDLZ F​lexible Work​ing Pledge: We Trust each other to work flexibly and productively We show Empathy, encouraging belonging and connection We are Mindful of making space and taking time

Typical time on-site: Flexible
HQChicago, IL
MY
MX
Athens, GR
Bogotá, CO
Bratislava, SK
Breda, NL
Bucharest, RO
Hungary
Buenos Aires, Buenos Aires
East Hanover, NJ
İstanbul, Istanbul
Mumbai, IN
Praha, CZ
Santa Ana, CR
Santa Fe, MX
São Paulo, BR
Singapore
Warsaw, PL
Learn more

Similar Jobs

Mondelēz International Logo Mondelēz International

Change Manager o9 MEU, Demand Planning

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Remote or Hybrid
9 Locations
90000 Employees

Mondelēz International Logo Mondelēz International

MEU Strategic Sourcing Manager - IFM

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Remote or Hybrid
8 Locations
90000 Employees

Mondelēz International Logo Mondelēz International

Internal Controls Senior Analyst

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Remote or Hybrid
5 Locations
90000 Employees

Mondelēz International Logo Mondelēz International

o9 Change Readiness Lead

Big Data • Food • Hardware • Machine Learning • Retail • Automation • Manufacturing
Remote or Hybrid
11 Locations
90000 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account