Manager of Information Security

Granite delivers advanced communications and technology solutions to businesses and government agencies throughout the United States and Canada. We provide exceptional customized service with an emphasis on reliability and outstanding customer support and our customers include over 85 of the Fortune 100. Granite has over $1.85 Billion in revenue with more than 2,100 employees and is headquartered in Quincy, MA. Our mission is to be the leading telecommunications company wherever we offer services as well as provide an environment where the value of each individual is recognized and where each person has the opportunity to further their growth and achieve success.

Granite has been recognized by the Boston Business Journal as one of the "Healthiest Companies" in Massachusetts for the past 15 consecutive years.

Our offices have onsite fully equipped state of the art gyms for employees at zero cost.

Granite's philanthropy is unparalleled with over $300 million in donations to organizations such as Dana Farber Cancer Institute, The ALS Foundation and the Alzheimer's Association to name a few.

We have been consistently rated a "Fastest Growing Company" by Inc. Magazine.

Granite was named to Forbes List of America's Best Employers 2022, 2023 and 2024.

Granite was recently named One of Forbes Best Employers for Diversity.

Our company's insurance package includes health, dental, vision, life, disability coverage, 401K retirement with company match, childcare benefits, tuition assistance, and more.

If you are a highly motivated individual who wants to grow your career with a fast paced and progressive company, Granite has countless opportunities for you.

EOE/M/F/Vets/Disabled

General Summary of Position:

The Manager of Information Security leads Granite's enterprise security program, ensuring the protection of corporate systems, applications, cloud platforms, and data across the entire business. This role drives the strategy, implementation, and continuous improvement of security policies, controls, and processes while enabling secure operations across IT, Engineering, Operations, Legal, and customer facing teams. It oversees vulnerability management, cloud security (GCP and AWS), identity and access management, application security, incident response, and third party risk, ensuring security is embedded into technology decisions and business initiatives.

The position also maintains focused support for government related compliance activities, such as NISTbased requirements and limited ATO documentation, representing a smaller but important portion of the role. Overall, the Senior Manager provides cross functional leadership to strengthen Granite's security posture, reduce risk, and support the organization's operational and strategic goals

Duties and Responsibilities:

• Oversee and manage Granite's enterprise wide Information Security Program, ensuring
  protection of corporate systems, data, applications, cloud environments, and business
  operations across all departments (IT, Engineering, Legal, Ops, Customer facing
  teams).
• Lead the development, implementation, and continuous improvement of corporate
  security policies, standards, procedures, and supporting governance documents.
• Direct vulnerability management activities across infrastructure, cloud, and
  applications; coordinate remediation with engineering, Dev Ops, and operations teams;
  validate fixes through scanning and ongoing monitoring.
• Oversee cloud security for GCP and AWS, ensuring secure configuration, access
  control, and alignment with best practices.
• Drive secure architecture reviews, application security requirements, and SDLC
  security integration for internal products.
• Partner with Engineering, Infrastructure, Dev Ops, and Network teams to evaluate
  system changes, cloud migrations, firewall updates, and new deployments to ensure
  security requirements and risk mitigations are properly addressed.
• Lead incident response activities-coordinate triage, communicate with stakeholders,
  review root causes, and ensure corrective actions and preventative measures are
  implemented.
• Manage enterprise identity and secrets programs, including MFA requirements, SSO
  implementation, service account lifecycle, least privilege enforcement, and secure
  credential rotation.
• Guide third party risk management, review vendor documentation, determine required
  evidence levels, and assess security impact of new or ongoing vendors.
• Provide security guidance and support for business processes, system enhancements,
  corporate initiatives, new integrations, and technology transformations across the
  organization.
• Lead recurring enterprise security meetings to align IT, Engineering, Legal, Audit, and
  business leaders on priorities, risks, and remediation activities.
• Ensure proper data handling practices across the business, including the identification
  and removal of sensitive or regulated data from email, local drives, Teams, and other
  systems.
• Support corporate continuity and resilience activities, including business impact
  analysis,…