Security Manager

About The Position

Requirements

• Advanced experience with Microsoft cloud security ecosystems (Azure, Sentinel, Entra ID, Defender XDR, Purview, Intune).
• Experience managing security across both corporate IT and cloud-based production environments.
• Proven ability to design, measure, and mature programs aligned with SOC 2, HIPAA, and FERPA frameworks.
• Strong understanding of Azure networking (firewalls, routing, NSGs, VPNs, load balancers) and SaaS workload protection.
• Proficiency in incident response, detection engineering, vulnerability management, and identity security.
• Demonstrated success leading technical teams and driving organization-wide security adoption.
• Effective communicator—able to translate complex issues into clear, actionable guidance for both technical and non-technical audiences.
• Skilled at navigating ambiguity, making risk-based decisions, and prioritizing effectively in a fast-moving environment.
• Track record of building alignment across IT, Engineering, Compliance, and business stakeholders.

Nice To Haves

• Container and Kubernetes security.
• Azure Landing Zones and infrastructure automation.
• Infrastructure-as-code (Terraform, Bicep, Azure DevOps).
• Experience governing MSSP engagements or MDR/XDR programs.
• CISM, CISSP, ITIL, CompTIA or similar certifications are a plus.

Responsibilities

• Lead and mature EverDriven’s enterprise security program by defining strategy, measurable objectives, and execution rhythms across corporate and production environments.
• Own the full lifecycle of security policies—drafting, updating, communicating, and measuring adoption to ensure practicality, auditability, and alignment with evolving business needs.
• Manage the company’s security awareness program (KnowBe4), driving measurable behavioral change through ongoing simulations, role-based training, and targeted communications.
• Govern EverDriven’s partnership with its MSSP, overseeing expectations, detection tuning quality, and continuous improvement opportunities.
• Oversee third-party risk management, ensuring vendors meet security standards, documenting remediation plans, and aligning with procurement and legal stakeholders.
• Lead annual disaster recovery and business continuity planning, ensuring system resilience and readiness through realistic testing and cross-team coordination.
• Protect student, employee, and operational data through Microsoft security solutions including Azure, Sentinel, Entra ID, Defender XDR, Purview, and Intune.
• Champion zero-trust architecture across Azure and M365, ensuring identities, access pathways, and network controls scale securely with EverDriven’s growth.
• Integrate security into engineering workflows—embedding controls into CI/CD pipelines, code review standards, and infrastructure-as-code practices, enabling secure automation without slowing delivery.
• Lead the end-to-end incident response, vulnerability management, and threat hunting programs—establishing playbooks, maturing detection capabilities, coordinating response, and driving continuous learning through retrospectives and tabletop exercises.
• Align security, compliance, and risk management with HIPAA, FERPA, and SOC 2 frameworks—ensuring EverDriven maintains trust with school districts, auditors, and partners.
• Coordinate and deliver responses to customer and district security assessments, questionnaires, and due-diligence requests, ensuring clarity, accuracy, and alignment with EverDriven’s security posture.
• Partner with Engineering, IT, and Business Operations to translate compliance into actionable controls, documentation, and audit-ready processes.
• Drive operational excellence by establishing repeatable controls, reporting mechanisms, and accountability frameworks used across teams.
• Evaluate emerging technologies—including AI-assisted detection, confidential computing, advanced identity tooling, and passwordless authentication—and pilot solutions that materially reduce risk or improve operational efficiency.
• Anticipate future security challenges and proactively evolve EverDriven’s controls, processes, and automation to stay ahead of the threat landscape.
• Build a culture of shared responsibility by mentoring engineers and IT staff, modeling strong security judgment, and raising overall security literacy.

Benefits

• Medical, Dental, Vision insurance
• Virtual Doctor Visits with $0 Co-Pay
• Life Insurance (company paid)
• Short Term Disability Insurance (company paid)
• Long-Term Disability Insurance (company paid)
• Flexible Time Off (FTO)
• Paid Holidays
• Paid Time to Volunteer
• Flex Spending Account (FSA)
• 401K Plan (with an awesome employer match!)
• Employee Assistance Program
• Employee Discounts Program