Security Manager

About The Position

Requirements

• High school diploma or GED.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a closely related technical field. Equivalent professional experience may be accepted in lieu of formal education.
• CISM, CISSP, CEH, or comparable cybersecurity certifications.
• Minimum of seven (7) years of experience as a cyber security engineer with at least two (2) years of experience leading a cyber security team.
• Proven hands-on experience securing IT infrastructures, performing vulnerability management, and overseeing incident response.
• Minimum of five (5) years of experience implementing or managing security frameworks such as NIST CSF, ISO 27001, or CIS benchmarks.
• Proficient in network security practices, including firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and endpoint protection solutions.
• Experience with security operations tools such as SIEM platforms, vulnerability scanners, and penetration testing utilities.
• Practical knowledge of configuring and managing DNS, DHCP, and identity management tools (e.g., LDAP, Active Directory).
• Familiarity with system hardening guides, such as CIS Controls, DISA STIGs, or USGCB.
• Skilled in developing, documenting, and maintaining security policies, standards, and incident response plans.
• Demonstrated ability to conduct security audits, assess compliance, and recommend improvements.
• Ability to lead and mentor technical staff, fostering a culture of collaboration and continuous improvement.
• Experience with cloud security platforms (e.g., AWS, Azure, Google Cloud).
• Knowledge of emerging threats, threat intelligence, and advanced attack mitigation techniques.
• Familiarity with DevSecOps practices or secure software development lifecycle (SDLC).
• Proven ability to manage small teams or projects with limited resources.
• Strong interpersonal skills to collaborate with IT and business stakeholders.
• Ability to write and enforce basic security policies and procedures.
• Strong organizational, multi-tasking, and prioritizing skills.
• Ability to work independently and apply sound judgment and reasoning skills to a variety of situations, multi-task and collaborate effectively with other personnel to meet deadlines.
• Ability to work within critical deadlines.
• Ability to communicate effectively across multiple large organizational structures (Verbal / Email / TXT).
• Applicants must be currently authorized to work in the US for any employer. Sponsorship is not available for this position.

Responsibilities

• Lead, supervise, and mentor a team of cybersecurity analysts and engineers.
• Assign tasks, monitor performance, and ensure the team meets its objectives efficiently.
• Foster a culture of continuous learning by providing training, certifications, and knowledge-sharing opportunities.
• Conduct performance evaluations and recommend career development plans for team members.
• Recruit, develop, and retain top cybersecurity talent.
• Design a multi-year cybersecurity strategy that aligns with organizational goals and technological advancements.
• Define measurable goals and KPIs to track security program success.
• Present the strategy to executive leadership and adjust based on feedback and evolving business needs.
• Develop, implement, and maintain security policies, standards, and guidelines.
• Regularly review and update policies to stay ahead of emerging threats and regulatory requirements.
• Create and manage the cybersecurity budget, ensuring investments are aligned with organizational priorities.
• Identify opportunities to optimize costs while maintaining strong security standards.
• Lead periodic organization-wide risk assessments, vulnerability scans, and threat analyses.
• Create detailed risk profiles for business units, prioritizing risks based on likelihood and potential impact.
• Develop risk mitigation plans that integrate seamlessly into operational processes.
• Ensure implementation of controls for physical, cloud, and network infrastructures.
• Oversee security audits for vendors, contractors, and third-party partnerships.
• Establish criteria for vendor selection based on security posture.
• Ensure compliance with data protection laws, such as GDPR, HIPAA, or local equivalents.
• Ensure adherence to industry standards and regulations (e.g., NIST CSF, ISO 27001, SOX, PCI DSS).
• Establish and regularly update an Incident Response Plan (IRP) that addresses various scenarios, including ransomware, DDoS attacks, and data breaches.
• Lead cross-functional teams during incidents to minimize business disruption.
• Ensure detailed post-incident reports with root cause analyses and recommendations for improvement.
• Partner with IT and operations teams to integrate cybersecurity into disaster recovery and business continuity plans.
• Test and refine plans through simulations and tabletop exercises.
• Ensure 24/7 monitoring, detection, and response capabilities.
• Evaluate and implement advanced technologies like AI-driven threat detection and zero-trust architectures.
• Oversee the deployment and maintenance of security technologies, including firewalls, IDS/IPS, EDR solutions, and SIEM platforms.
• Ensure robust security configurations across all systems, including cloud services, IoT devices, and mobile endpoints.
• Implement encryption, tokenization, and DLP (Data Loss Prevention) systems to safeguard sensitive data.
• Develop executive-level reports that track security metrics, risk scores, and incident trends.
• Create and lead cybersecurity awareness training programs for all employees.
• Measure effectiveness through phishing simulations and employee engagement metrics.
• Act as a key partner to IT, legal, compliance, HR, and other departments to ensure security is embedded across the organization.
• Participate in major project planning to identify and address security implications early.
• Must be available to work regular business hours Pacific Standard Time.
• Must also be available to work on-call, evenings and weekends as needed.
• Performs other duties as required to support the business and evolving organization.

Benefits

• Medical
• dental
• vision
• 401k
• flexible spending account
• paid sick leave
• paid time off
• parental leave
• quarterly performance bonus
• training
• career growth
• education reimbursement programs