Manager, Security Issues Management

About The Position

Requirements

• Bachelor's Degree Cybersecurity, Information Technology, or a related field; or equivalent experience required
• 6+ years governance, audit, compliance, or regulatory functions required

Nice To Haves

• PgMP or PMP Upon Hire preferred
• CISA, CGEIT, or CRISC Upon Hire preferred
• CISSP Upon Hire preferred

Responsibilities

• Manages day to day operations of the Security Issues Management team, ensuring remediation activities are executed accurately, consistently, and within established SLAs.
• Provides people leadership, workload prioritization, and operational oversight while serving as a primary liaison between the Issues Management Program Manager and cross functional stakeholders.
• Ensures remediation efforts align with enterprise risk tolerance, regulatory expectations, and recognized cybersecurity frameworks.
• Leads and oversees the end-to-end lifecycle of security issues management, including remediation planning, execution tracking, evidence collection and validation, documentation, and issue closure activities.
• Manages, prioritizes, and allocates team resources to address the most pressing risk areas, ensuring adherence to defined SLAs, regulatory requirements, and stakeholder expectations.
• Provides direct people leadership for Security Issues Management analysts, including coaching, mentoring, performance management, and skills development to ensure effective execution of responsibilities.
• Serves as a subject matter expert on security issues remediation by advising stakeholders on technical fulfillment requirements, evidence expectations, and the broader Security Issues Management process.
• Oversees remediation activities resulting from internal audits, external audits, regulatory examinations, and risk assessments, ensuring consistency with enterprise risk tolerance and avoidance of duplicative efforts.
• Partners with Internal Audit, Compliance, Legal, Privacy, Technology Risk, and technical teams to coordinate remediation activities, resolve blockers, and drive timely issue resolution.
• Identifies systemic or recurring issues, leads root cause analysis, and drives process or control improvements to reduce repeat findings and enhance control effectiveness.
• Develops, matures, and continuously improves processes, documentation, and automation to enhance cybersecurity risk management and issues remediation capabilities.
• Ensures issues management activities align with recognized cybersecurity and risk management frameworks (e.g., NIST, ARC-AMPE), as applicable to the organization.
• Maintains awareness of existing and proposed enterprise security policies and standards, and provide input and support for policy and standard development as needed.
• Ensures data quality, accuracy, and consistency within GRC tools used for tracking, reporting, and managing security issues.
• Contributes to executive level reporting by synthesizing remediation status, trends, risk themes, and control weaknesses for leadership consumption.
• Supports regulatory and examiner interactions by providing remediation evidence, status updates, and management responses related to security issues.
• Promotes a culture of accountability, risk ownership, and continuous improvement across remediation stakeholders and teams.
• Performs other duties as assigned.
• Complies with all policies and standards.

Benefits

• competitive pay
• health insurance
• 401K and stock purchase plans
• tuition reimbursement
• paid time off plus holidays
• a flexible approach to work with remote, hybrid, field or office work schedules