Security Manager

Job Summary

The Security Manager will lead, maintain, and enhance the organization's cybersecurity posture across various environments, including infrastructure, applications, and cloud. This role combines strategic leadership with technical expertise and is responsible for designing, implementing, operating, and optimizing security controls while ensuring alignment with business objectives and regulatory requirements.

Responsibilities

• Lead day-to-day Security Operations, including monitoring and response activities.
• Manage and optimize Security Information and Event Management (SIEM), Extended Detection and Response (XDR), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), Privileged Access Management (PAM), Identity and Access Management (IAM), and other security tools.
• Perform threat hunting, malware analysis, and behavioral analytics utilizing security platforms and frameworks.
• Oversee phishing simulations, red-team/blue-team drills, and cyber readiness exercises.
• Maintain and enforce security policies, standards, and procedures while leading audits and certification initiatives (e.g., ISO 27001, SOC 2, GDPR).
• Conduct and manage risk assessments, third-party security reviews, Data Protection Impact Assessments (DPIAs), asset inventories, and access reviews.
• Create and track remediation plans, Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), compliance dashboards, and security metrics for leadership.
• Enforce strong Conditional Access, Multi-Factor Authentication (MFA), Zero-Trust, and least-privilege models.

Qualifications

• Technical Expertise:

  • 6–12 years of progressive cybersecurity experience, with at least 3 years in a leadership or lead engineering role.

• Certifications (Preferred):

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Cloud Security Professional (CCSP)
  • ISO 27001 Lead Auditor/Lead Implementer (LA/LI)

• Soft Skills:

  • Strong communication skills with the ability to translate complex risks into business language.
  • Ability to mentor and develop junior analysts and engineers.
  • Proactive mindset with strong ownership, accountability, and urgency.

Preferred Skills

• Practical expertise in cyber defense operations, Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), identity & access governance, incident handling, vulnerability assessment, and cloud security.
• Familiarity with compliance frameworks such as ISO 27001, SOC 2, General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), or Federal Risk and Authorization Management Program (FedRAMP).