Manager, Information Security

ICW Group, San Diego, CA
Posted 1d ago. $121,625 - $217,711. Hybrid.

About The Position

This Manager of Information Security owns the prevention–detection–response lifecycle and leads day‑to‑day Security Operations (SOC), Incident Response (IR), and Threat Management for the enterprise. The position ensures operational resilience across cloud, on‑prem, data platforms, and insurance core systems while reinforcing regulatory compliance and audit readiness. This role is a hands‑on security leader who blends technical depth, people leadership, and operational rigor, and acts as the Incident Commander during high‑severity events, partnering with IT Operations, Legal/Privacy, Compliance, and Business Leadership.

Requirements

  • Bachelor’s Degree in Computer Science, IT, or similar field required.
  • Minimum 10+ years of cybersecurity experience, including 6+ years in Security Operations and Incident Response.
  • Minimum 3+ years leading technical security teams.
  • Deep expertise in SIEM and SOAR engineering.
  • Strong hands‑on incident response background, including forensics, containment, and executive communications.
  • Proven experience in vulnerability management and threat hunting.
  • Cloud security experience in AWS and Azure.
  • Understanding of Property & Casualty insurance platforms and regulatory obligations.

Nice To Haves

  AI‑Driven Security Operations
  • Experience using large language models for alert triage, automated summarization, and signal classification.
  • Hands‑on or leadership experience with behavioral AI and NDR platforms (e.g., Darktrace).
  • Use of machine‑learning‑driven detection techniques such as UEBA, anomaly scoring, and clustering.
  • AI‑assisted detection engineering, including threat‑intelligence pattern extraction and rule or code generation.
  • Establishing AI governance and safe‑use patterns, including prompt controls, data redaction, and hallucination mitigation.
  • Integrating Snowflake data pipelines with ML engines for predictive risk scoring and incident correlation.
  • Applying AI to vulnerability triage, exploit likelihood prediction, and remediation pattern identification.
  • GIAC (GCIA, GCFA, GCTI, GREM), CISSP, CCSP
  • AWS or Azure Security Specialty
  • Machine Learning or AI engineering exposure strongly preferred

  Security Analytics & Operations
  • SIEM / SOAR: Splunk, Microsoft Sentinel, Rapid7 SOAR, Cortex XSOAR
  • EDR / XDR: CrowdStrike Falcon, Microsoft Defender, Palo Alto Cortex XDR
  • NDR / AI Security: Darktrace (preferred), Zeek, Suricata

  Cloud, Data & Network
  • Cloud Security: AWS GuardDuty, AWS Security Hub, Azure Defender
  • Data Platforms: Snowflake, Event Hubs, Data Lakes
  • Network: Palo Alto Networks firewalls, Prisma Access

  Data Protection & Messaging
  • DSPM / DLP: BigID, Purview, Symantec
  • Email Security: Proofpoint, Mimecast

Responsibilities

  • Lead and develop SOC Analysts, Incident Response Engineers, Threat Hunters, Vulnerability Analysts, and SIEM/SOAR Engineers.
  • Serve as Incident Commander for major security incidents, coordinating response execution, communications, and executive updates.
  • Maintain and continuously improve incident runbooks, escalation matrices, response playbooks, and post‑incident review (PIR) processes.
  • Drive alignment with NIST CSF, MITRE ATT&CK, NAIC Model Law, NYDFS 500, ISO 27001, and SOC 2 requirements.
  • Report security posture, incident trends, and operational KPIs to senior leadership.
  • Own SIEM and SOAR detection strategy and operational execution (Splunk, Microsoft Sentinel, Rapid7 SOAR, Cortex XSOAR).
  • Build, tune, and optimize detections mapped to the MITRE ATT&CK framework.
  • Lead digital forensics and incident response across endpoints, cloud, email, network, SaaS, and data platforms.
  • Conduct proactive threat hunting using intelligence from ISACs, vendors, and internal telemetry sources.
  • Operate and mature the enterprise vulnerability management program (Rapid7, Tenable, Qualys).
  • Manage external attack surface monitoring and shadow IT discovery.
  • Drive risk‑based prioritization, executive-level reporting, and remediation tracking aligned to business impact.
  • Oversee endpoint and identity security controls (Microsoft Defender, CrowdStrike, Entra ID, Okta, Privileged Access Management).
  • Manage email and messaging security platforms (Proofpoint, Mimecast).
  • Partner with Network teams on firewall operations, NDR, and network telemetry (Palo Alto NGFW, Prisma Access).
  • Ensure complete security visibility across AWS and Azure environments.
  • Manage logging, detections, and guardrails for Snowflake, data lakes, container platforms, and core policy and claims systems.
  • Integrate application security and CI/CD signals into SOC monitoring and incident response workflows.
  • Ensure evidence handling, documentation, and reporting meet regulatory and audit requirements.
  • Lead and execute incident tabletop exercises tailored to Property & Casualty insurance business scenarios.
  • Support regulatory exams, audits, and internal control assessments.
  • Drive SOAR automation to reduce analyst toil and mean‑time‑to‑respond.
  • Standardize logging requirements, security data models, and detection‑as‑code practices.
  • Continuously improve SOC efficiency, resilience, and service quality.
  • Participate in a committee that brings together key security and risk stakeholders to develop and review enterprise security and risk strategies.
  • Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks and hazards.
  • Recognize the trade-offs required to manage the different levels of information security risk tolerance and risk exposure across the organization and balance this with risk investments.
  • Report security performance against established security metrics and service level agreements.
  • Understand “voice of the customer” and develop mechanisms to proactively sense adoption and usage patterns of consumer technologies by end-users so that policy can align with need.
  • Evaluate documented resolutions and analyze trends for ways to prevent future problems.
  • Cultivate, disseminate, and enforce policies, standards, and procedures.
  • Develop and implement long-term goals and objectives to achieve the successful outcome of the team.
  • Enhance the information security awareness program to customize communication tools and campaigns for each business unit and integrated services group.
  • Develop and recommend information security policies and procedures by evaluating organization outcomes, identifying problems, evaluating trends, and anticipating requirements.
  • Develop, conduct, support, or assist in governmental reviews, internal corporate evaluations, or assessments of the overall effectiveness of the Security program.
  • Develop procedures to evaluate organizational Security and General IT controls.
  • Lead security training and communicate policies.
  • Lead by promoting a culture of collaboration, continuous improvement, quality and accountability.
  • Develop evaluation framework to assess the strengths of the team and to identify areas for improvement.

Benefits

  • We offer a competitive benefits package, with generous medical, dental, and vision plans as well as 401K retirement plans and company match
  • Bonus potential for all positions
  • Paid Time Off
  • Paid holidays throughout the calendar year
  • Want to continue learning? We’ll support you 100%
© 2024 Teal Labs, Inc