Information Technology Security Manager

Overview

The IT Security Manager serves as the enterprise's security leader, responsible for both daily operational oversight and long term security strategy. This includes managing the SOC team, directing the operation of all security solutions, and defining the organization's security posture through policy, architecture, and training. The role also includes selecting appropriate security technologies, supervising vulnerability assessments and audits, and managing the organization's third party SOC vendor to ensure consistent high quality monitoring and incident response.

As a hands on technical and operational manager, the IT Security Manager is accountable for implementing and optimizing the Microsoft security ecosystem including Azure AD Entra, Microsoft Defender XDR, Intune, Sentinel, and Microsoft 365 compliance tools to safeguard systems and maintain regulatory and audit compliance. The manager collaborates closely with Systems and Network teams as well as business unit leaders to promote the corporate security vision and foster shared responsibility for strengthening enterprise security.

• Create and maintain the enterprise security architecture design
• Create and maintain the enterprise security awareness training program
• Maintain the enterprise security documents policies, standards, baselines, guidelines, and procedures
• Create and maintain the enterprise Business Continuity Plan and Disaster Recovery Plan where appropriate

• Maintain up to date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors
• Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security as per the enterprise's existing procurement processes
• Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard operating procedures generically and the enterprise security documents specifically

• Manage daily operation of core security technologies SIEM IDS IPS EDR MFA MDM vulnerability scanners
• Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from through enterprise workstations, servers and other systems and in databases and other data repositories
• Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents
• Microsoft Sentinel SIEM and Log Analytic
• Owns and administers Microsoft Entra  protections, Conditional Access policies, MFA enforcement, least privilege access and privileged role governance
• Performs hands on reviews of access logs, sign in risks and user lifecycle workflows
• Leads enterprise wide access reviews mandated by audit and compliance frameworks

• College diploma or university degree in computer science (preferred)
• Other industry certifications such as CISSP, CISM, CySA+, CASP

• 7+ years in cybersecurity operations, incident response, or system security engineering
• Extensive experience in enterprise security architecture design
• Extensive experience in enterprise security document creation
• Experience in designing and delivering employee security awareness training
• Experience in developing Business Continuity Plans and Disaster Recovery Plans
• Experience in Microsoft Sentinel, Intune, Entra , and Defender XD
• Working technical knowledge of Microsoft Purview
• Strong understanding of IP, TCP/IP, and other network administration protocols