Security Program Manager

Calix
Remote

About The Position

The Calix platform enables Communication Service Providers (CSPs) of all sizes to transform and future-proof their businesses. Through real-time data, automation, and actionable insights delivered via Calix One — our cloud-first, AI-powered platform — CSPs can simplify operations, collapse cost, and accelerate innovation. Calix One brings together the automation of everything and the experience of one, empowering customers to deliver differentiated subscriber experiences while driving acquisition, loyalty, and revenue growth. This is the Calix mission: to enable CSPs of all sizes to simplify, innovate, and grow, strengthening both their businesses and the communities they serve. We’re at the forefront of a once-in-a-generation change in the broadband industry. Join us as we innovate, help our customers reach their potential, and connect underserved communities with unrivaled digital experiences.

Calix is seeking a highly motivated and experienced Security Program Manager to develop, implement, and manage our comprehensive security program. In this role, you will define, implement, and oversee security programs that protect our assets, data, and reputation while ensuring compliance with industry regulations and internal policies. This pivotal role involves coordinating security efforts across multiple departments (IT, Engineering, Legal, Operations) to identify and manage vulnerabilities, mitigate risks, and ensure the ongoing protection of our customers, assets, and data. The ideal candidate will have strong leadership skills, a deep understanding of security best practices, and a proven track record of driving complex, cross-functional security initiatives.

Requirements

  • Experience: 7+ years of progressive experience in information security, risk management, or related fields; at least 3 years in a program or project management capacity.
  • Education: Bachelor’s degree in Computer Science, Information Security, Business Administration, or a related discipline (Master’s preferred).
  • Technical Knowledge: Strong understanding of security frameworks (NIST CSF, ISO 27001), cloud security (AWS, GCP), network security, encryption, identity & access management, and emerging threat landscapes.
  • Leadership & Communication: Proven ability to influence and drive consensus across diverse stakeholders; exceptional written and verbal communication skills.
  • Analytical Skills: Ability to translate complex security concepts into actionable business recommendations.

Nice To Haves

  • Certifications (preferred): PMP, PMI ACP, CISSP, CISM, CRISC, or equivalent.
  • Strategic thinker with a hands-on approach to problem solving.
  • Comfortable working in fast-paced, dynamic environments.
  • Team player and detail-oriented.
  • Ability to interact with both internal and external auditors for security audits
  • Passion for continuous learning and staying current with security trends.

Responsibilities

  • Plan, design, and oversee the execution of comprehensive security programs and projects from inception to completion, ensuring they are delivered on time and within budget.
  • Define program metrics, KPIs, and reporting mechanisms to track effectiveness and present results to senior leadership.
  • Lead security-related projects from conception through delivery, ensuring timelines, budgets, and quality criteria are met.
  • Serve as the primary point of contact for security inquiries and escalations.
  • Conduct risk assessments, threat modeling, and gap analyses; prioritize remediation efforts based on business impact.
  • Ensure compliance with relevant regulations and standards (e.g., GDPR, CCPA, PCI DSS, HIPAA, SOX).
  • Manage security audits and coordinate with external auditors and regulators.
  • Partner with engineering, product management, platform engineering and business teams to implement, track and monitor security controls that remediate risks
  • Develop, implement, and enforce security policies, procedures, and standards to ensure compliance with relevant laws and regulations (e.g., GDPR, HIPAA, ISO 27001, NIST).
  • Oversee, track and drive vulnerability remediation to meet established SLAs.
  • Evaluate, select, and manage third-party security vendors and service providers.
  • Oversee the incident response lifecycle, including preparation, detection, containment, eradication, recovery, and post-incident analysis.
  • Drive development of external communication in collaboration with stakeholders and senior leadership
  • Drive root cause analysis and post-mortem investigations and implement lessons learned across the organization.
  • Drive root cause investigations and long-term corrective actions as security projects across the organization.
  • Stay informed about emerging security threats, technologies, and industry trends, making recommendations for enhancements to the security program.