Information Security Manager

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field preferred
• 5+ years of experience in cybersecurity, information security, or IT risk management
• 2+ years of experience in a leadership or supervisory role preferred
• Strong knowledge of cybersecurity concepts, including risk management, threat detection, and incident response
• Experience with security frameworks and compliance standards (e.g., SOX, NIST, CIS, SOC)
• Experience managing security tools such as SIEM, endpoint protection, identity and access management systems
• Strong understanding of network security, cloud environments (e.g., Azure), and enterprise systems
• Proven ability to lead cross-functional initiatives and manage security programs
• Strong analytical, problem-solving, and decision-making skills
• Excellent communication skills with the ability to translate technical risks to business stakeholders

Responsibilities

• Lead and manage the organization’s information security program, including security governance, policies, standards, and procedures
• Develop, maintain, and enforce security controls and practices to support compliance with organizational requirements and applicable regulatory frameworks
• Identify, assess, and manage cybersecurity risk across enterprise systems, applications, data, cloud platforms, and identity environments
• Oversee cybersecurity governance for operational technology environments, including industrial control systems, field-connected assets, edge devices, and supporting network infrastructure
• Assess and manage cyber risk related to OT/ICS systems, remote connectivity, third-party operational vendors, and emerging field technologies
• Oversee security monitoring across enterprise systems, networks, cloud platforms, and operational environments for threats, vulnerabilities, and suspicious activity
• Lead incident response coordination for enterprise and OT/ICS security events, including investigation, containment, remediation, recovery, and escalation with external monitoring and response partners
• Oversee identity and access security controls, including role-based access, provisioning governance, and periodic access reviews
• Ensure ongoing compliance with cybersecurity frameworks and regulatory requirements (e.g., SOX, NIST, CIS, SOC)
• Oversee IT general controls (ITGC) relevant to security and compliance, including access management, change control, privileged access, and evidence readiness for internal and external audit
• Lead internal and external security audits, including control documentation, evidence preparation, remediation tracking, and follow-up on findings
• Support governance and risk review for AI tools, automation, and connected technologies that access sensitive data or interact with operational environments
• Oversee third-party security risk management, including vendor assessments, contract security requirements, and cybersecurity expectations for operational and field-connected service providers
• Develop and deliver security awareness and training programs for employees
• Provide regular reporting to leadership on security risks, incidents, control gaps, and program effectiveness
• Stay current with emerging threats, technologies, and industry best practices
• Maintain compliance with Health, Safety, and Environmental (HSE) policies by attending all required HSE training sessions, safety meetings, and using proper Personal Protective Equipment (PPE)
• Perform other duties as assigned