IT Information Security Manager

About The Position

Requirements

• Leadership: 3+ years of experience managing or leading IT security professionals.
• Compliance: Proven experience leading an organization through a major cybersecurity assessment (CMMC, NIST 800-171, ISO 27001, or SOC2).
• Cybersecurity Breadth: 7+ years of total experience in Information Security with a strong foundation in both GRC and technical operations.
• EDR Expert: Hands-on experience managing Enterprise Detection and Response tools.
• SOC Operations: Experience working with Managed Security Service Providers (MSSP) or SOC environments.
• Framework Mastery: Deep understanding of NIST CSF and NIST 800-171.
• Infrastructure: Familiarity with securing O365 environments, cloud infrastructure, and ideally, Operational Technology (OT) found in utility environments.
• Certifications: One or more of the following are required: CISSP, CISM, or CISA.
• Education: Bachelor’s degree in Cybersecurity, IT, Computer Science, or a related field.

Responsibilities

• Team Leadership & Mentorship
• Direct Management: Lead, mentor, and develop a team of IT Security Analysts, fostering a culture of continuous learning and technical excellence.
• Resource Allocation: Manage the team’s daily priorities, balancing long-term compliance projects with immediate security operational needs.
• Professional Development: Define career paths and training goals for team members to ensure the department stays ahead of evolving cyber threats.
• Security Operations & Technical Oversight
• Managed SOC Integration: Serve as the primary technical liaison and escalation point for our SOC-as-a-Service provider. Review managed alerts, tune log sources, and lead incident response efforts.
• Endpoint Protection: Own the technical administration and strategy for our EDR platform, ensuring 100% coverage, optimized sensor policies, and rapid threat hunting capabilities.
• Incident Response: Lead the internal SIRT (Security Incident Response Team), translating SOC alerts into actionable remediation steps for the broader IT team.
• CMMC 2.0 & Federal Compliance Leadership
• Certification Roadmap: Lead the organization through the transition from Phase 1 self-attestation to Phase 2 (C3PAO) Certification to meet the November 2026 mandate.
• CUI Boundary Management: Define and manage the scope of Controlled Unclassified Information (CUI) throughout the project lifecycle—from bidding to final field implementation.
• SPRS & Documentation: Maintain ownership of Aldridge’s score in the Supplier Performance Risk System (SPRS). Update the System Security Plan (SSP) and Plan of Action and Milestones (POA&M) regularly.
• Enterprise Risk & Policy
• Risk Register: Maintain the Enterprise Cybersecurity Risk Register, quantifying risks for executive stakeholders.
• Third-Party Risk (TPRM): Oversee the security vetting process for subcontractors and vendors, ensuring they meet the required security standards for project participation.
• Policy Enforcement: Develop and enforce internal security policies that balance high-security requirements with the operational speed required in the construction industry.

Benefits

• Health Insurance
• Dental Insurance
• Vision Insurance
• Wellness Incentive Programs
• Short and Long Term Disability
• Flexible Spending Accounts
• Life Insurance
• Legal Assistance
• Identity Protection
• Accident & Critical Illness Insurance
• Company 401(k) Matching Contributions
• Paid Time Off (PTO)
• Employee Assistance Program (EAP)