IT Security Manager

About The Position

Requirements

• Minimum of 2 years of experience in information security, with a focus on governance, risk, and compliance
• Demonstrated experience owning or leading GRC processes, including risk management, policy development, and governance
• Experience developing and implementing security policies, standards, and procedures
• Experience conducting risk assessments and managing risk through formal tracking and escalation processes
• Experience working with regulatory frameworks such as NIST, IRS Pub 1075, or similar (framework-agnostic experience acceptable)
• Experience coordinating audits and managing remediation efforts
• Experience working across business and technical teams to drive alignment and accountability
• Strong ability to build and operate structured programs in environments with limited existing process
• Demonstrated experience defining ownership and driving accountability across teams without direct authority
• Ability to translate technical risk into clear business impact and communicate effectively with leadership
• Experience working in complex environments with multiple stakeholders, including vendors and external partners
• Comfort operating in ambiguity and establishing clear direction and priorities
• Strong organizational and operational discipline, with a focus on documentation, tracking, and follow-through

Nice To Haves

• Prior management or team leadership experience preferred

Responsibilities

• Own and operate the Revenue IT GRC program, including risk management processes, governance structures, and compliance tracking
• Establish and maintain a centralized risk register, including identification, prioritization, and escalation of risks to leadership
• Develop, implement, and maintain security policies, standards, and procedures aligned to organizational needs and regulatory requirements
• Define and enforce governance processes, including clear ownership, accountability, and escalation paths across teams and vendors
• Lead security-related risk assessments and partner with system owners to define and track mitigation strategies
• Coordinate and manage internal and external audits, including documentation, response tracking, and remediation follow-up
• Work with vendors and internal teams to ensure accountability for security controls, deliverables, and knowledge transfer
• Communicate security risks, priorities, and program status to leadership in a clear and actionable manner
• Build structure in areas with limited process, ensuring consistency and transparency across security-related activities
• Conduct regular security assessments, vulnerability scans, and penetration testing to identify and mitigate risks
• Develop and maintain security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&Ms).
• Respond to security incidents and implement corrective actions.
• Partner with the City’s Security Team to ensure City policies are applied throughout Revenue.
• Participate in security audits and compliance reviews.
• Communicate security-related information effectively to both technical and non-technical audiences, performs miscellaneous job-related duties as assigned.
• Coach teams on risk ownership and control implementation; develop a culture of accountability and transparency

Benefits

• Comprehensive health coverage for employees and their eligible dependents
• Wellness program offers eligibility into the discounted medical plan
• Paid vacation, sick leave, and holidays
• Generous retirement savings options are available
• Public Service Loan Forgiveness program eligibility
• Free Commute on SEPTA (SEPTA Key Advantage Program)
• Tuition Discounts and Scholarships (10% to 40% savings)