Senior Manager of Information Security - Application Security

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field
• 10+ years of progressive InfoSec experience, including 3+ years in a leadership or management role
• At least one relevant security certification (e.g., CISSP, CISM, or equivalent)
• Strong knowledge of security frameworks such as NIST and ISO 27000 series
• Proven success designing, implementing, or overseeing enterprise-scale security solutions

Nice To Haves

• Strong experience in web, mobile, and API security, including OWASP Top Ten, WASC, OSSTMM
• Expertise in secure coding, SDLC, DevSecOps pipelines, and automation
• Background in application penetration testing, vulnerability assessment, and ethical hacking
• Experience with security testing tools: SAST, DAST, IAST, RASP, SCA
• Hands-on threat modeling and risk assessments within agile SDLC
• Proven collaboration with DevOps to onboard tools and enforce secure coding policies
• Knowledge of secure app deployment in AWS and Azure
• Familiarity with forensics, network exploitation, and advanced testing tools
• Experience managing client or third-party audits related to application security
• Must be 18 years of age or older

Responsibilities

• Develop, communicate, and execute security strategies aligned to business objectives.
• Serve as a key security liaison, embedding secure design principles, access control frameworks, and risk mitigation practices into cross-functional initiatives, projects, and enterprise transformations.
• Lead and manage a high-performing security team, overseeing hiring, training, performance management, career development, and budgeting, while developing and tracking KPIs/KRIs to measure security posture and report progress to senior leadership.
• Develop and maintain security reference architectures, standards, and roadmaps for applications, cloud, and enterprise systems.
• Guide secure development practices, threat modeling, and integration of security tools (e.g., SAST, DAST, SIEM) into DevSecOps pipelines and cloud environments.
• Ensure alignment with enterprise identity strategies and access control frameworks to support secure, scalable, and compliant solutions.
• Maintain deep knowledge of security principles, frameworks (NIST, ISO 27000), and regulatory landscapes (PCI, SOX, GDPR, SOC2).
• Conduct risk assessments across application, infrastructure, and identity domains; support audits, and regulatory compliance efforts.
• Stay current on emerging threats and technologies, lead PoCs, and drive adoption of modern security practices and tools.
• Familiarity with modern cloud environments.
• Strong stakeholder management across technical and non-technical teams.
• Experience managing cross-functional projects and delivering measurable risk reduction.

Benefits

• Flexible time off
• volunteer time off
• paid maternity/paternity leave
• tuition reimbursement
• pet bereavement
• 401K
• PTO
• Medical
• Dental
• Healthcare (Medical, Dental, Vision)
• Paid Time Off, Volunteer Time Off, and Holidays
• Employer-Matched Retirement Plan
• Employee Stock Purchase Plan
• Short-Term and Long-Term Disability
• Infertility Treatment, Adoption and Surrogacy Assistance