IT Security Manager

About The Position

Requirements

• 10+ years of IT experience, with at least 5 years in an information security role and 2+ years in a people management or supervisory capacity.
• Hands-on experience with cloud security across Okta, Zscaler, S1, Microsoft 365, Okta, Azure, and Entra ID; familiarity with Jamf and Snowflake environments is a strong plus.
• Demonstrated experience executing or advancing a Zero Trust security model, including identity, device, and network controls.
• Experience managing and responding to real security incidents — not just tabletop exercises.
• Strong working knowledge of NIST/CMMC, CIS Benchmarks, and related frameworks; ability to explain them clearly to both technical and non-technical audiences.
• Proficiency in vulnerability management, including tooling, prioritization, and driving remediation across teams.
• Strong leadership and communication skills — able to work effectively with business stakeholders, IT leadership, and technical staff at all levels.
• Experience developing and maintaining security policies, standards, and procedures.
• Comfortable operating in a Windows and Mac environment.
• Ability to work flexible schedules to meet job requirements and travel occasionally to office locations.

Nice To Haves

• Security certifications such as CISSP, CISM, CCSP, or equivalent.
• Exposure to AI governance, data loss prevention for generative AI, or secure enablement of AI tools at enterprise scale.
• Experience in education, edtech, or another mission-driven environment.
• Experience with Microsoft Defender suite, Microsoft Purview, and/or Jamf Protect.
• Experience with Snowflake security, Azure Private Link, and data platform access controls.

Responsibilities

• Lead the execution of Great Minds' Zero Trust security roadmap, including identity-based access, device trust, conditional access policies, and network segmentation across cloud and on-premise environments.
• Manage and continuously improve the NIST /CMMC security program, including risk assessments, policy development, and security control implementation.
• Lead the day-to-day operations of threat and vulnerability management — identify, prioritize, and drive remediation in partnership with IT and business teams.
• Lead incident response efforts: detection, containment, investigation, remediation, and post-incident review.
• Manage vendor and third-party risk, including security reviews for new tools, RFP support, and ongoing monitoring of critical SaaS and cloud providers.
• Oversee security tooling and platforms, including Entra ID, Okta, Zscaler, SentinelOne, Microsoft Defender, Microsoft Purview, — ensuring proper configuration, coverage, and integration.
• Develop and maintain security metrics, dashboards, and reports that communicate risk posture and program maturity to IT leadership and stakeholders.
• Collaborate with the Infrastructure & Operations team to ensure security requirements are built into system design, cloud architecture, and change management processes.
• Provide guidance and oversight for AI security and data governance, including secure enablement of generative AI tools and data loss prevention in collaboration with IT and business stakeholders.
• Manage a team of information security professionals — set clear expectations, develop skills, and build a high-performing, mission-aligned security function.
• Assist in planning, developing, and enforcing information security policies, standards, and procedures.
• Serve as a trusted security advisor across the organization — explaining risks and controls clearly to both technical teams and non-technical business leaders.
• Support IT projects across the business by ensuring security is properly incorporated into new solutions and design changes.

Benefits

• The base salary is not inclusive of benefits or other incentives.