Information Security Program Manager (Hybrid)

About The Position

Requirements

• Bachelor’s degree in computer science, information technology, or a related field or equivalent practical experience.
• 5+ years of related IT infrastructure or information security experience.
• Working knowledge of corporate network environments and technologies such as VMware virtualization, Microsoft Windows Server, Active Directory, and Group Policy management.
• Experience with cloud platforms such as Microsoft Azure, Microsoft 365, or Amazon Web Services (AWS) administration and support.
• Familiarity with scripting and automation tools (e.g., PowerShell, Python, Ansible) for system administration or security automation.
• Willingness and ability to perform off-hours administrative changes and respond to emergencies or urgent issues outside of regular hours if needed.
• Must be legally authorized to work in the United States without the need for sponsorship by Barr, now or in the future.

Nice To Haves

• Recognized security certifications demonstrating expertise and commitment to the field.
• Experience supporting external audits and compliance assessments (such as SOC2 audits, ISO 27001 certification processes, NIST 800-series compliance, or CMMC).

Responsibilities

• Oversee and continuously improve Barr’s information security program.
• Ensure that security measures are integrated across systems and that protective controls support the company’s needs for performance, stability, and high availability.
• Provide insight into developing and executing the company’s security strategy.
• Stay current on emerging threat intelligence and cybersecurity trends, and advise the organization on mitigating new threats.
• Develop and maintain information security policies, standards, and procedures to ensure alignment with industry best practices and frameworks such as the NIST Cybersecurity Framework, ISO 27001, and NIST SP 800-171.
• Plan, prepare for, and respond to security incidents or breaches, helping to coordinate containment, investigation, and recovery efforts to minimize damage and downtime.
• Support the company’s Crisis Response Team in planning and response activities that relate to or rely on technology.
• Continuously monitor the IT environment for signs of security issues or vulnerabilities using appropriate tools and resources.
• Serve as the first escalation point for potential security incidents.
• Lead proactive vulnerability management by conducting regular security scans and ensuring that processes and automated systems for the timely application of patches and/or upgrades are effective.
• Develop and maintain internal security documentation and provide technical training and guidance for IT staff and end users on security best practices.
• Maintain required documentation, perform internal security testing, and coordinate responses to audit findings or external audit requests.
• Respond to external security questionnaires, assessment tools, and client security surveys.
• Track key security program metrics and use these insights to drive ongoing program improvements.

Benefits

• Competitive, affordable insurance plans: Medical, dental, vision, life, disability, accidental death insurance, and flexible spending accounts for medical and dependent care
• 401(k) retirement savings plan with company contribution and an Employee Stock Ownership Plan (ESOP) with company contribution in Barr stock
• Profit distribution: Barr has a "no retained earnings" model and distributes all profit to our employees through our annual bonus distribution plan, ESOP, and dividends to shareholders
• Annual time and expense allowances, mentorship program, and many internal training opportunities
• Paid time off, holidays, overtime for non-exempt/hourly staff, and compensatory time for exempt/salaried staff (time off or pay for extra time worked), paid family leave
• Ergonomic analysis and equipment, Personal Protective Equipment allowance, wellbeing-focused educational opportunities