IT Security Manager

Overview

The IT Security Manager is responsible for establishing, implementing, and maintaining the organization’s information security program to ensure the confidentiality, integrity, and availability of all corporate systems and data. This role oversees security operations, identifies and mitigates cyber risks, leads incident response efforts, and ensures compliance with internal policies and external regulatory requirements. The IT Security Manager works cross‑functionally with IT, HR, Legal, and Executive Leadership to develop security strategies, implement best practices, and promote a culture of security awareness across the organization.

The role also manages vulnerability assessments, security audits, vendor risk evaluations, and security technologies such as firewalls, endpoint protection, SIEM systems, and identity management solutions.

• Establish accountable management for security operations, GRC, and incident response.
• Integrate security architecture and reviews into all major IT projects and vendor selections.
• Strengthen security awareness and phishing resilience across the workforce.
• Manage EDR/XDR, SIEM, SOAR, vulnerability management, patching SLAs, and threat intelligence. Coordinate MSSP/SOC partners and after-hours coverage.
• Own policies/standards, risk assessments, control testing, audit readiness, third-party risk management, and regulatory reporting.
• Lead IR playbooks, forensics coordination, evidence preservation, breach communications, and post-incident lessons learned.
• Manage IAM, PAM, network segmentation, zero trust, email security, DLP, encryption, and cloud security baselines.
• Run phishing simulations, role-based training, and compliance education; measure adoption and behavioral improvements.
• Optimize contracts, SLAs, and tooling; drive cost savings through consolidation and governance.
• Reduce mean time to detect (MTTD) and mean time to respond (MTTR) to threats.
• Continuously review and achieve “no material findings” in external audits and close existing findings.

• Certifications:
  
  CISSP, CISM, CCSP, GIAC GCIA/GCIH, highly preferred
• Technical
  
  Skills:
  
  SIEM/XDR/SOAR, IAM/PAM, network security, cloud security (AWS/Azure), endpoint/email/DLP, vulnerability management, scripting/automation.
• Proficiency in security technologies and tools, including firewalls, intrusion detection/prevention systems, and vulnerability management.
• Strong understanding of security frameworks and standards such as ISO 27001, NIST, and COBIT.
• Excellent problem-solving and analytical skills to identify and address security issues.
• Strong analytical and problem-solving skills.
• Leadership, communication, vendor management, risk storytelling to executives skills
• Ability to handle confidential information.
• Ability to adapt to the needs of the organization and employees.

Bachelor’s Degree in Computer Science, Information Security or related field, required.

Minimum 5+ years in IT security in a complex, matrixed organization, required. Security operations, vulnerability management teams, GRC, and incident response; experience leading cross-functional teams.

Standard Office Criteria

Standard Office Criteria