Security Manager

Bestpass | Albany, NY
43d | $105,000

About The Position

Fleetworthy is revolutionizing road safety and fleet management with a command center for safety, compliance, and efficiency. Our connected suite provides real-time insights and control, enabling customers to maximize efficiency, reduce risk, and save money. With technology that unifies safety, compliance, toll management, weigh station bypass, and more, Fleetworthy empowers organizations to perform at their best. We simplify operations to ensure every vehicle and driver is not just compliant, but beyond compliant. Supporting millions of drivers and vehicles, Fleetworthy is leading a new era in road safety and fleet technology. At Fleetworthy, you're in the driver's seat!

We're hiring a forward-looking Security Manager to lead and mature our security and compliance program. This is a managerial role that blends technical ownership, program leadership, and business-aligned risk management. The right candidate will take a risk-based approach to protect systems and data, drive continuous improvement, and own annual ISO 27001 and SOC 2 audit readiness and execution.

Requirements

  • 5+ years of hands-on security experience with at least 2 years in a security leadership or manager role.
  • Demonstrated experience owning ISO 27001 and SOC 2 programs, including successful audit cycles and remediation.
  • Strong practical knowledge of risk management frameworks and a documented, risk-based decision process.
  • Hands-on familiarity with cloud platforms (AWS, Azure), identity & access management, endpoint protection, SIEM/EDR and vulnerability scanning.
  • Experience with GRC platforms and running policy attestation workflows (e.g., Drata, Vanta, etc.).
  • Excellent written and verbal communication skills. Ability to author clear, enforceable policies and communicate risk to technical and executive audiences.
  • Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)

Nice To Haves

  • Professional certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor.
  • Prior experience supporting hybrid environments (on-prem + cloud) and virtual infrastructure (VMware).
  • Familiarity with SOC 2 auditor expectations, control mapping, and evidence generation.
  • Experience with automation, scripting, and security tooling integrations.

Responsibilities

  • Define, maintain and evolve a risk-based security strategy and roadmap aligned to business objectives.
  • Lead formal risk assessments, maintain a risk register, and prioritize remediation by business impact and likelihood.
  • Translate risk decisions into measurable security initiatives and KPIs.
  • Own end-to-end ISO 27001 and SOC 2 programs and ensure timely completion of annual audits (internal and external).
  • Coordinate audit planning, evidence collection, remediation tracking, and auditor liaison.
  • Maintain policy acceptance and staff compliance using our GRC platform. Drive attestations, exceptions, corrective actions, and reporting.
  • Prepare readiness assessments, internal audit schedules, and continuous monitoring to maintain certification and attestations.
  • Host Incident Response Tabletops aligned with our ISMS IR policy.
  • Create, revise and operationalize security policies, standards and procedures to ensure they are functional, enforceable, and compliant with ISO 27001, SOC 2 and applicable laws/regulations.
  • Ensure policies reflect operational realities (performance, availability, business workflows) while meeting security and compliance objectives.
  • Run the policy lifecycle: drafting, stakeholder review, approval, publishing, implementation, training and periodic review.
  • Serve as the company's primary internal and external representative for security concerns, events, and incident response activities.
  • Oversee vulnerability management, patching, endpoint protection, identity & access management, and cloud security controls across on-prem and cloud environments in collaboration with our IT Support team.
  • Define security requirements and review system designs, including cloud (AWS/Azure/GCP) and hybrid architectures.
  • Partner with IT and Development to ensure secure system configuration, logging, monitoring, and incident readiness.
  • Lead security incident response coordination, post-incident reviews and remediation ownership.
  • Mentor and grow security team members; set clear objectives and career development plans.
  • Act as the security liaison to the business to align security with business priorities.
  • Oversee third-party/vendor risk assessments and security requirements for procurement.
  • Meet with customers to address security & compliance questions.
  • Own budgeting and sourcing of security tools and services.
  • Execute other duties typical of a security manager as required.