Information Security Manager

BASYS Processing
Lenexa, KS
Hybrid

About The Position

Grow with a team that leads with service and builds with purpose. At Basys, we believe success is built on relationships, not transactions. We collaborate, solve challenges head-on and raise the bar for ourselves and each other every day. If you're energized by meaningful work and motivated to make a real impact, you'll feel right at home here. We personalize payments and elevate service so our clients can grow with confidence. And we're building a company where innovation, care and accountability shape how we work: together.

Summary

The Information Security Manager is responsible for leading and executing the organization's information security program, balancing governance, compliance, and hands-on technical security responsibilities. This role provides leadership to a team of security associates while partnering closely with IT, Engineering, and business stakeholders to identify, manage, and reduce security risk. The Information Security Manager ensures compliance with regulatory and customer security requirements, supports secure operations across systems and platforms, and contributes to a strong culture of security awareness and accountability across the organization.

Employees in this role are expected to perform their duties in accordance with The Way We Work, helping to create a company where innovation and care drive meaningful connections.

Requirements

  • Strong communication, both written and verbal, with the ability to translate security to business stakeholders
  • Strong problem-solving skills and use of judgement
  • Accountability and ownership for assigned tasks and follow-through
  • Quality, accuracy, and attention to detail
  • Continuous improvement and learning
  • Bachelor's degree in Computer Science, Information Technology, Business Administration or other related fields is preferred
  • 5-8+ years in information security, cybersecurity, or GRC
  • 2-4+ years management experience
  • Experience with PCI DSS
  • Experience with SOC 2 audits/readiness
  • Familiarity with frameworks like NIST CSF and ISO 27001
  • Experience with security tools/vendors (SIEM, endpoint, vulnerability management)

Responsibilities

  • Develop, implement, and maintain the company's information security program, including security policies, standards, and control objectives.
  • Provide leadership and day-to-day management for an assigned team of security associates, including work direction, coaching, performance feedback, and support of professional development.
  • Conduct and lead information security risk assessments across applications, infrastructure, and third parties; maintain a risk management framework to identify, assess, document, prioritize, and track remediation of security risks.
  • Oversee and perform (as needed) threat detection, vulnerability management, and incident response activities, including investigation coordination, root cause analysis, remediation tracking, and post-incident reviews.
  • Own and manage the PCI DSS compliance lifecycle, including control implementation and validation, assessment coordination, evidence collection, and remediation of findings.
  • Lead SOC 2 readiness, audits, and ongoing compliance by maintaining control documentation and mappings, coordinating evidence collection with cross-functional teams, and serving as the primary liaison to external auditors and assessors.
  • Assess, monitor, and report third-party and vendor security risk, including due diligence reviews, security requirement input, and ongoing risk monitoring as applicable.
  • Provide hands-on security support for cloud and networked environments (e.g., Azure and application networking), including reviewing configurations, recommending or implementing security controls, and partnering with IT and Engineering to remediate identified issues.
  • Partner with Engineering to implement and validate application security requirements (e.g., OWASP-aligned controls), support secure development practices, identify security gaps, and track remediation to closure.
  • Manage security awareness and training to support required policies, acceptable use practices, and security responsibilities across the organization.
  • Support initiatives that enhance the security of associates, partners, systems, and integrations through collaboration, adherence to security practices, and continuous improvement.
  • Work collaboratively with internal departments to support secure operations and a high standard of service for internal and external stakeholders.
  • Contribute to the onboarding and training of new associates by sharing security practices, standards, and role-appropriate guidance.
  • Promote and reinforce appropriate workplace behavior in accordance with company policies, procedures, and management guidance.
  • Resolve routine and moderately complex issues within scope of responsibility and communicate resolutions or required information to impacted parties.
  • To remain innovative and efficient, the use of AI is typical and expected within this role and at Basys.
  • Perform other related duties as assigned, consistent with the nature and level of the role.