IT Security Manager

PayByPhone
Vancouver, BC
Hybrid

About The Position

The IT Security Manager will manage and mature a pragmatic security program that protects payment data, customer information, internal systems, and business operations across AWS and corporate platforms, with PCI DSS as the primary compliance priority and SOC 2 as a supporting assurance objective.

Requirements

  • 5+ years of progressive experience in information security, security compliance, cloud security, or security engineering, including hands-on ownership of controls and remediation programs.
  • Bachelor’s degree in Computer Science, Information Security, Information Systems, or equivalent practical experience.
  • Experience with PCI DSS and payment-security control environments; experience with SOC 2, ISO 27001, or related frameworks is helpful.
  • Working knowledge of AWS and modern SaaS security, including IAM, Entra ID, Microsoft 365, logging, monitoring, segmentation, encryption, vulnerability management, and workload security.
  • Experience with people management and growing team capabilities.
  • Experience with security operations fundamentals such as SIEM or log management, MDR or managed detection oversight, alert triage, incident response coordination, vulnerability scanning, penetration test remediation, and access reviews.
  • Experience partnering with software engineering teams on secure SDLC, application security, and change management in fast-moving delivery environments.
  • Ability to write clear policies, standards, procedures, risk summaries, executive updates, and audit evidence with a high level of precision and follow-through.
  • Able to move comfortably between strategic planning, control design, hands-on validation, and day-to-day operational follow-up.
  • Confident communicator with technical accuracy or practical focus who is comfortable working with executives, auditors, engineers, and business teams.
  • Organized and detail-oriented, with strong critical thinking, sound prioritization, and good judgment in risk-based decision making.
  • Persuasive and practical in driving change cross-functionally.
  • Comfortable reading technical documentation, architecture diagrams, logs, tickets, and code or scripts when needed to validate security posture.

Nice To Haves

  • Experience with SOC 2, ISO 27001, or related frameworks is helpful.

Responsibilities

  • Manage the security management framework, policies, standards, control evidence, and operating rhythms needed to sustain a PCI DSS-first program while maintaining supporting SOC 2 obligations.
  • Lead security operations across cloud and corporate platforms, including AWS security services, Entra ID, Microsoft 365, MDR solution oversight, logging and monitoring, vulnerability management, and access governance.
  • Drive investigation and response for security events, control failures, suspicious activity, and potential data exposure scenarios; coordinate containment, remediation, communications, and lessons learned.
  • Partner with Engineering, Product, Cloud Platform, and IT to strengthen secure design, application security, change control, segmentation, encryption, hardening, and remediation of security findings.
  • Manage security risk management and third-party security oversight by translating control requirements, technical findings, and business risk into prioritized actions and measurable follow-through.
  • Lead the team of Security Analyst(s) while influencing cross-functional stakeholders through strong critical thinking, sound judgment, and a persuasive approach to change.

Benefits

  • 4 weeks of vacation per year
  • 5 personal days annually
  • Paid sick days
  • Comprehensive medical & dental coverage
  • Employee Assistance Program (EAP)
  • Career Growth & Learning Support