Sr. Manager, Information Security
Date: Dec 3, 2024
Location: Irvine, CA, US
Company: Skyworks
If you are looking for a challenging and exciting career in the world of technology, then look no further. Skyworks is an innovator of high-performance analog semiconductors whose solutions are powering the wireless networking revolution. Through our broad technology expertise and one of the most extensive product portfolios in the industry, we are Connecting Everyone and Everything, All the Time.
At Skyworks, you will find a fast-paced environment with a strong focus on global collaboration, minimal layers of management, and the freedom to make meaningful contributions in a setting that encourages creative thinking. We value open communication, mutual trust, and respect. We are excited about the opportunity to work with you and glad you want to be part of a team of talented individuals who together are changing the way the world communicates.
Requisition ID: 74696
Description
The Sr. Manager of Information Security is responsible for maintaining an enterprise-wide information security program. This position will report to the Director of Information Security and will provide the leadership necessary to manage risks to the organization and ensure business alignment, effective governance, system and product availability, integrity, and confidentiality.
This position will be responsible for identifying, evaluating, advising, and reporting on information security risks in a manner that meets compliance and regulatory requirements. The incumbent will also provide oversight for the Governance, Risk and Compliance program, Privacy and Data Protection Program, Incident Response Process, and Cyber Resilience initiatives. This key leadership position will manage a small team and must be comfortable with providing strategic direction as well as doing actual hands-on work as an individual contributor when needed.
Responsibilities
Governance, Risk, and Compliance (GRC):
• Responsible for the GRC aspects of the Information Security program.
• Oversee regular risk assessments and audits to ensure compliance with industry standards and regulations.
• Develop, implement and monitor policies, procedures, and standards to manage risks, streamline processes, and ensure alignment with industry best practices.
• Drive initiatives to certify compliance with various regulatory and industry standards, including GDPR, CPRA, CMMC, TISAX, and ISO 27001.
• Direct the global security awareness program including security training, phishing campaigns, cyber bulletins, Cybersecurity Awareness Month activities, and the Cybersecurity intranet site.
• Administer the third-party risk life cycle, from vendor due diligence through onboarding, regular assessments, and termination.
• Manage the risk register and track remediation efforts to close open gaps.
• Handle all internal and external audits from internal audit, customers, regulators, and certification bodies.
• Create and manage an exception process for control activities.
Privacy and Data Protection:
• Oversee the organization's data protection strategy to ensure compliance with data privacy laws (e.g., GDPR, CCPA).
• Supervise the implementation of data protection security controls.
• Direct data privacy impact assessments and ensure data protection by design and by default.
• Maintain and update the data map of customer, PII and IP information.
Incident Response:
• Lead the incident response team in identifying, managing, and mitigating cybersecurity incidents.
• Develop and maintain incident response plans and playbooks.
• Conduct post-incident reviews and implement lessons learned to improve response capabilities.
• Coordinate Strategic Response Training and conduct Incident Response tabletop exercises.
• Collaborate with the Legal team to ensure that incident response plans and disclosure requirements align with the SEC disclosure rules.
Cyber Resilience:
• Develop and implement strategies to enhance the organization's cyber resilience capabilities.
• Conduct regular cyber resilience assessments and simulations which include failover and recovery tests.
• Collaborate with other departments to ensure business continuity and disaster recovery plans are in place and effective.
• Train the recovery team on their roles and responsibilities during a cyber event.
Required Experience and Skills
• Bachelor’s degree in computer science, cybersecurity or related field is preferred.
• 12+ years of IT security or IT assurance experience required.
• 7+ years of progressive experience in Risk Management, Compliance, and/or Security Operations roles.
• CISSP, CRISC, CISM, or CISA certifications preferred.
• Experience with TISAX, DFARS/CMMC, and ISO 27001 audits preferred.
• Understanding of technical processes and cybersecurity concepts is required.
• Experience supporting and managing large, geographically dispersed IT teams desired.
• Excellent communication skills, critical thinking capabilities, and strong attention to detail are a must.
Note: We believe in the value of diverse experiences and are committed to building a team with a wide range of skills and backgrounds. We recognize that career paths vary, and your unique journey may have equipped you with the necessary skills even if you don’t meet all of the criteria above. If you are passionate about this role and believe you have what it takes to grow and excel in this role, we encourage you to apply!
The typical base pay range for this role across the U.S. is currently USD $126,500 - $241,700 per year. Starting base pay will depend on relevant experience and skills, training and education, business needs, market demands, the ultimate job duties and requirements, and work location. Skyworks has different base pay ranges for different work locations in the U.S. Benefits include access to healthcare benefits (including a premium-free medical plan option), a 401(k) plan and company match, an employee stock purchase plan, paid time off (including vacation, sick/wellness, parental leave), among others. Employees are eligible to participate in an incentive plan, and certain roles are also eligible for additional awards, including recognition and stock. These incentives and awards are based on individual and/or company performance.
Skyworks is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Skyworks strives to create an accessible workplace; if you need an accommodation due to a disability, please contact us at accommodations@skyworksinc.com.