Information Security Manager

Software Finder201 District, VA
Onsite

About The Position

Software Finder is seeking an experienced and strategic Information Security Manager to lead the organization's cybersecurity and information security initiatives. This role is responsible for developing, implementing, and continuously improving the organization's Information Security Management System (ISMS), ensuring the confidentiality, integrity, and availability of business, customer, and employee data. The ideal candidate will have extensive experience in cybersecurity governance, security operations, risk management, regulatory compliance, and leading high-performing security teams. You will work closely with cross-functional stakeholders to strengthen the organization's security posture, ensure compliance with international security standards, and proactively manage evolving cyber threats.

Requirements

  • Bachelor's degree in computer science, Information Technology, Cybersecurity, Information Systems, or a related field.
  • 8–10 years of progressive experience in information security, cybersecurity, IT governance, or risk management.
  • 3–5 years of leadership experience managing security operations, governance, compliance, and security teams.
  • Strong hands-on experience implementing and managing enterprise Information Security Management Systems (ISMS).
  • Proven expertise in cybersecurity governance, enterprise risk management, and security policy development.
  • Experience managing SOC operations, SIEM platforms, incident response, vulnerability management, and security monitoring.
  • Strong understanding of endpoint, network, cloud, email, and application security technologies.
  • Experience implementing identity and access management (IAM), privileged access management, and Zero Trust principles.
  • In-depth knowledge of regulatory and security frameworks including ISO 27001, SOC 2, NIST CSF, GDPR, and HIPAA.
  • Experience supporting internal/external audits, security assessments, and penetration testing initiatives.
  • Excellent analytical, leadership, stakeholder management, communication, and problem-solving skills.
  • Ability to translate complex security risks into practical business recommendations.

Nice To Haves

  • Professional security certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Lead Auditor, or equivalent.
  • Experience with Microsoft Sentinel, Splunk, QRadar, Microsoft Defender, CrowdStrike, or similar enterprise security platforms.
  • Strong understanding of cloud security across AWS, Azure, or Google Cloud Platform.
  • Experience implementing Data Loss Prevention (DLP), encryption, key management, and secure data governance practices.
  • Familiarity with DevSecOps, secure software development lifecycle (SSDLC), and cloud-native security controls.
  • Experience managing third-party security assessments, vendor risk management, and regulatory compliance initiatives.
  • Ability to lead cross-functional security projects in fast-paced technology environments.
  • Strong mentoring and people management skills with experience building and developing high-performing security teams.

Responsibilities

  • Lead the development, implementation, and continuous improvement of the organization's Information Security Management System (ISMS).
  • Define, implement, and maintain enterprise-wide information security policies, standards, procedures, and governance frameworks.
  • Ensure compliance with ISO 27001, SOC 2, NIST CSF, GDPR, HIPAA, and other applicable security and regulatory standards.
  • Oversee Security Operations Center (SOC) functions, including security monitoring, threat detection, incident response, and forensic investigations.
  • Manage enterprise security technologies including SIEM, SOAR, EDR/XDR, firewalls, endpoint protection, email security, identity and access management (IAM), and cloud security platforms.
  • Lead vulnerability management, patch management, penetration testing coordination, and security remediation activities.
  • Conduct enterprise risk assessments, maintain the cybersecurity risk register, and implement effective mitigation strategies.
  • Develop and maintain Business Continuity (BCP), Disaster Recovery (DR), and Business Impact Analysis (BIA) programs.
  • Oversee identity lifecycle management, privileged access controls, and least-privilege security practices.
  • Manage Data Loss Prevention (DLP), encryption standards, and data protection controls across the organization.
  • Lead cybersecurity incident investigations, root cause analysis, and post-incident improvement initiatives.
  • Support internal and external security audits while ensuring all compliance documentation remains current and audit-ready.
  • Assess third-party vendors for security risks and ensure compliance with organizational security requirements.
  • Plan and execute organization-wide security awareness programs, phishing simulations, and employee cybersecurity training.
  • Collaborate with Engineering, IT, Product, Legal, HR, and executive leadership to embed security best practices across business operations.
  • Monitor emerging cybersecurity threats, industry trends, and recommend proactive improvements to strengthen organizational resilience.
  • Lead, mentor, and develop the cybersecurity team while fostering a culture of security awareness and continuous improvement.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service