Security Posture and Configuration Manager

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Information Technology, Engineering, or a related field.
• Ten (10) or more years of progressive experience in information security, technology risk, or related technology disciplines.
• Five (5) or more years of people leadership experience, including managing managers and leading teams with diverse technical skillsets.
• Broad experience across enterprise security operations, risk management, governance, and security controls.
• Managing and evolving enterprise security configuration baselines, including CIS and comparable frameworks.
• Designing and overseeing automated configuration monitoring and validation, leveraging scanning and telemetry solutions to assess deep technical configurations.
• Reducing configuration drift through scalable remediation approaches aligned with application and platform teams.
• Integrating Policy‑as‑Code (PaC) and Infrastructure‑as‑Code (IaC) practices into security governance and delivery workflows.
• Leading SaaS and container configuration management strategies at enterprise scale.
• Leveraging data analytics and security telemetry to evaluate configuration posture and produce risk‑based insights from configuration and security metadata.

Nice To Haves

• Demonstrated ability to influence and drive outcomes across large, complex organizations without relying solely on direct authority.
• Experience building, scaling, or unifying enterprise security capabilities across multiple platforms or organizational boundaries.
• Experience operating in environments with cloud‑first architectures, SaaS platforms, containerized workloads, and modern DevOps practices.
• Proven success leading teams through ambiguous, transformational environments, including standing up new capabilities while maintaining operational delivery.
• Advanced degree in Information Security, Technology, or a related discipline.
• Professional certifications such as CISSP, CISM, CISA, or equivalent.

Responsibilities

• Establish, lead, and mature an enterprise Configuration Management capability, consolidating multiple previously distributed configuration functions into a scalable and consistent operating model across cloud, SaaS, containerized, and on‑prem environments.
• Direct and develop multiple teams of senior security professionals responsible for configuration baseline definition, automated and manual validation, monitoring, governance, and remediation execution.
• Define and operationalize risk‑based configuration standards and tolerance thresholds, translating complex configuration data into enterprise‑level risk signals that inform compliance monitoring and decision‑making.
• Design and oversee how configuration data, scanning results, and validation checks are sourced, integrated, and consumed to ensure accurate, defensible, and actionable security outcomes.
• Lead a highly visible, customer‑facing security function, partnering with Technology, Business Line Risk, and Governance teams to enable secure delivery while minimizing friction, unnecessary exceptions, and repeated escalations.
• Serve as a senior escalation point for configuration deviations and risk exceptions, balancing security requirements with business enablement through executive‑level negotiation and influence.
• Build and evolve remediation strategies and operating models, including standing up new capability where required, while transitioning from manual approaches to scalable, automated solutions.
• Drive tooling assessment, integration, and rationalization to address capability gaps and improve efficiency, accuracy, and sustainability of configuration management outcomes.
• Lead teams through a build‑and‑run transformation, unifying legacy and modern approaches while delivering measurable risk reduction and control effectiveness results.
• Influence enterprise security strategy by ensuring configuration posture supports evolving technology adoption, including cloud platforms, AI enablement, and modern delivery models.

Benefits

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law