Senior Manager, Information Security

Onto Innovation•Bloomington, MN

1d•$120,000 - $180,000

About The Position

Onto Innovation is a leader in process control, combining global scale with an expanded portfolio of leading-edge technologies that include: 3D metrology spanning the chip from nanometer-scale transistors to micron-level die-interconnects; macro defect inspection of wafers and packages; metal interconnect composition; factory analytics; and lithography for advanced semiconductor packaging. Our breadth of offerings across the entire semiconductor value chain helps our customers solve their most difficult yield, device performance, quality, and reliability issues. Onto Innovation strives to optimize customers’ critical path of progress by making them smarter, faster and more efficient. Job Summary & Responsibilities The Senior Manager of Information Technology is responsible for IT governance, risk, compliance, and operational readiness across Onto Innovation’s global environment. Reporting to the Senior Director of IT and Security, this role leads regulatory compliance initiatives, cybersecurity posture management, incident response readiness, business continuity and disaster recovery programs, vulnerability management, vendor and partner risk management, and contributes to Onto’s multi-year IT and security strategy.

Requirements

10+ years of progressive experience in IT leadership, cybersecurity, or enterprise risk management.
Demonstrated leadership of ISO 27001, CMMC Level 2, and SOX IT control programs.
Experience contributing to multi-year (3+ year) IT or security strategic planning and roadmaps.
Hands-on experience with cybersecurity posture management and vulnerability management programs.
Strong understanding of incident response, BCP/DRP, and operational resilience in hybrid IT environments.
Experience managing vendors, partners, and supply-chain IT/security risk.
Strong executive communication, stakeholder management, and continuous improvement mindset.

Nice To Haves

Experience with SEMI E187/E188 or manufacturing-focused frameworks.
Familiarity with NIST CSF, NIST 800-53, or NIST 800-171.
Experience supporting global operations across North America, Europe, and APAC.
Background in semiconductor, advanced manufacturing, or IP-sensitive industries.
Experience translating strategy into measurable OKRs, KPIs, and risk metrics.

Responsibilities

Lead IT compliance programs aligned to ISO/IEC 27001, CMMC Level 2, SEMI E187, and SOX IT controls.
Translate regulatory requirements into actionable policies, standards, procedures, and audit evidence.
Drive audit readiness, internal assessments, remediation activities, and continuous compliance improvement.
Partner with Legal, HR, Compliance, Finance, Facilities, Operations, Service, and Engineering teams on enterprise risk initiatives.
Own and mature cybersecurity posture management practices across infrastructure, endpoints, and cloud services.
Oversee vulnerability management programs, including risk-based prioritization, remediation tracking, and executive reporting.
Partner with Infrastructure, Security Operations, and Engineering teams to reduce attack surface and improve resilience.
Drive our IT Security program forward with a defense in depth and continuous improvement mindset.
Continuously assess and validate security controls effectiveness and drive improvements based on threat intelligence and risk trends.
Own incident response planning and execution for IT and cybersecurity incidents.
Design and lead tabletop exercises, purple team drills, and post-incident reviews.
Maintain incident response playbooks, escalation paths, and executive communications.
Drive continuous improvement through lessons learned and after-action reviews.
Own and mature Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).
Define and validate RTO/RPO objectives across hybrid on-prem and cloud environments.
Lead and coordinate DR testing, recovery exercises, and continuous improvement efforts.
Lead vendor, partner, and supply-chain IT and cybersecurity risk management programs.
Define security requirements for vendors, contract manufacturers, and extended factory partners.
Oversee onboarding assessments, remediation tracking, and ongoing risk reviews.
Support vendor audits, security reviews, and contractual security obligations in partnership with Procurement and Legal.
Contribute to the development and execution of Onto’s 3-year IT and Security strategic roadmap.
Apply a continuous improvement mindset to compliance, security posture, incident readiness, and resilience programs.
Identify capability gaps, emerging risks, and investment priorities across people, process, and technology.
Support annual planning, budgeting, and executive reporting tied to multi-year strategy.
Operate within an Agile, globally distributed IT organization.
Develop metrics, dashboards, and executive reporting for compliance, cybersecurity posture, and operational readiness.
Influence cross-functional teams through collaboration, leadership, and subject-matter expertise.