Senior Manager, Cybersecurity

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
• 10+ years of progressive experience in cybersecurity or information security, with significant hands-on technical responsibility
• Demonstrated experience personally implementing and configuring security technologies, not solely managing teams or vendors
• Deep expertise in Microsoft 365 security, including Conditional Access, Intune (MDM/MAM), Defender, identity protection, and tenant hardening
• Strong experience implementing SASE, DLP, IAM, PAM, endpoint security, SIEM, vulnerability management, and Zero Trust architectures
• Proven experience developing and enforcing CIS hardening standards, security baselines, GPOs, and secure images.
• Experience with regulatory and compliance requirements (e.g., SOX, SOC 2)
• Ability to lead teams while remaining technically hands-on and execution-focused
• Excellent communication skills with the ability to translate technical risk into business impact

Nice To Haves

• Relevant certifications preferred: CISSP, CISM, CISA, CIS Controls Practitioner, Microsoft Security certifications, or equivalent

Responsibilities

• Define, execute, and maintain HASI’s enterprise cybersecurity strategy, roadmap, and target security architecture.
• Establish and enforce cybersecurity policies, standards, and technical controls aligned to NIST CSF, CIS Controls, and regulatory requirements.
• Ensure cybersecurity is embedded into enterprise architecture, infrastructure design, cloud platforms, and technology initiatives from inception.
• Provide regular, risk-based reporting on cybersecurity posture, control maturity, and emerging threats to executive leadership.
• Serve as a hands-on security leader, actively configuring, implementing, and tuning security technologies and controls.
• Lead the implementation and ongoing management of security platforms including SASE, DLP, IAM, PAM, endpoint protection, SIEM, and network security solutions.
• Perform and oversee vulnerability identification, remediation, and validation across infrastructure, cloud, endpoints, and applications.
• Actively participate in threat detection, security monitoring, incident response, root cause analysis, and post-incident remediation.
• Manage and enhance SOC capabilities, including direct oversight of MSSPs and validation of alerts, detections, and response quality.
• Own and manage security across the Microsoft 365 ecosystem, including Entra ID (Azure AD), Exchange Online, SharePoint, OneDrive, Teams, and Defender platforms.
• Design, implement, and maintain Conditional Access policies, identity protection controls, and Zero Trust access models.
• Lead Mobile Device Management (MDM/MAM) strategy and implementation using Microsoft Intune, including device compliance, application protection, and data loss prevention controls.
• Develop, implement, and maintain CIS hardening baselines, security GPOs, and standardized secure workstation and server images.
• Ensure secure configuration and continuous hardening of Microsoft and endpoint environments in alignment with CIS benchmarks.
• Lead secure design and configuration of cloud environments (Azure, AWS), with a strong focus on defense-in-depth and least privilege.
• Implement identity-centric security controls, secure networking, logging, and monitoring across hybrid and cloud-native environments.
• Ensure security controls are integrated into automation, infrastructure-as-code, and modern IT delivery practices.
• Lead, mentor, and develop a team of cybersecurity professionals, while remaining technically engaged and hands-on.
• Establish clear expectations that balance strategic ownership with operational execution.
• Foster a culture of accountability, continuous improvement, and strong security engineering discipline.
• Partner with IT, risk, compliance, legal, and business teams to design solutions that are secure, scalable, and compliant.
• Act as a trusted technical advisor on cybersecurity risks, control design, and mitigation strategies.
• Drive organization-wide security awareness and training programs to improve cyber hygiene and reduce human risk.

Benefits

• The Company maintains a policy of non-discrimination in employment and complies with and supports all Federal, state, and local laws regarding discrimination in employment.