Manager – Information Security

Job Title: Manager – Information Security

Employment Type: Full-Time

Sponsorship: Not available (U.S. work authorization required)

We are seeking a hands‑on Manager – Information Security to lead and mature our organization’s information security program. This role will be responsible for ensuring compliance with key frameworks (SOC 2, ISO 27001, GDPR, HIPAA, etc.), overseeing security operations and audits, and guiding the business in implementing best practices for data protection and risk management.

This position is ideal for a mid‑level security leader — someone with enough experience to independently manage and improve a program but who is still eager to grow into broader leadership responsibilities over time.

• Develop, implement, and maintain the organization’s information security policies, standards, and procedures.
• Manage compliance efforts for SOC 2, ISO 27001, GDPR, HIPAA, and related regulatory frameworks.
• Serve as primary liaison for internal and external security audits, including coordination with auditors, consultants, and internal stakeholders.
• Conduct regular risk assessments and lead remediation efforts.
• Oversee the implementation of technical and administrative security controls across systems and data environments.
• Partner with IT and business units to ensure security requirements are embedded in projects, applications, and vendor relationships.
• Monitor security operations and coordinate incident response activities as needed.
• Provide security awareness training and promote a culture of security across the organization.
• Prepare reports and brief leadership on security posture, risks, and improvement plans.
• Stay current on emerging threats, trends, and regulatory changes impacting information security.

• Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field (or equivalent experience).
• 5+ years of hands‑on experience in information security management, governance, risk, and compliance.
• Demonstrated experience implementing and maintaining controls for SOC 2, ISO 27001, GDPR, HIPAA
  .
• Strong understanding of cybersecurity principles, risk management, and audit methodologies.
• Experience working with or in audit or consulting firms supporting compliance engagements.
• Proven ability to manage cross‑functional initiatives and communicate effectively with technical and non‑technical stakeholders.
• Must have U.S. work authorization

• Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor
  , or similar.
• Experience with cloud security (AWS, Azure, or GCP).
• Experience in scaling an Info Sec function and/or leading a small team.
• Familiarity with third‑party risk management and vendor due diligence processes.

Opportunity for professional development and future leadership growth.