Information Security Manager

Description: As the Information Security Manager, you will lead the strategic development and oversight of our organization’s cybersecurity program within a fast-paced software development environment. You will be responsible for defining security roadmaps, managing risk across our software delivery pipeline, and ensuring our products meet the highest standards of data protection. You will bridge the gap between technical engineering teams and executive leadership, translating complex security threats into actionable business risk assessments. This role is pivotal in maintaining our competitive edge by ensuring that security is a core component of our brand and customer trust. Key Areas of Responsibility: Security Program Leadership: Design and manage the enterprise-wide information security strategy, aligning security initiatives with software development lifecycles (SDLC) and business goals. Risk Management & Governance: Lead comprehensive risk assessments and vendor security reviews to identify and mitigate vulnerabilities across third-party integrations and internal systems. DevSecOps Integration: Collaborate with engineering leads to integrate security automation (SAST/DAST) into CI/CD pipelines, promoting a "shift-left" security culture. Incident Response Management: Oversee the security incident response program, acting as the primary point of escalation and lead investigator during high-priority security events. Regulatory & Compliance Oversight: Ensure continuous compliance with industry-standard frameworks such as SOC2, ISO 27001, and GDPR, managing external audits and certification processes. Security Awareness & Culture: Develop and lead security training programs for non-technical staff and specialized secure-coding workshops for developers. Stakeholder Communication: Present regular security posture reports to senior management and board members, providing data-driven recommendations for security investments. Objectives: Maintain the confidentiality, integrity, and availability of our SaaS platforms and customer data environments. Minimize organizational risk by implementing robust security controls across the software development and deployment processes. Achieve and maintain industry-leading security certifications (e.g., SOC2 Type II, ISO 27001, NIST) along with compliance with our parent company’s policies Foster a proactive security-first mindset across all departments through education and transparent reporting. Skills: Strategic Leadership: Ability to lead technical teams and influence organizational change without direct authority. Complex Problem-Solving: Expert at analyzing evolving cyber threats and designing creative, scalable mitigation strategies. Effective Communication: Translating deeply technical security vulnerabilities into business-impact terms for executive stakeholders. Regulatory Knowledge: Deep understanding of software-relevant compliance standards (NIST, SOC2, ISO). Technical Proficiency: Familiarity with cloud security (AWS/Azure/GCP), containerization, and automated security testing tools. Education and Experience: Bachelor’s degree in Computer Science, Cybersecurity, Management Information Systems, or a related field. Master’s degree in a specific area of specialization, such as IT security, may be beneficial. 7–10+ years of experience in information security, with at least 3 years in a leadership or management capacity. Proven experience in a software development or "Software as a Service" (SaaS) environment. Relevant Certifications: CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) is highly preferred. Additional Attributes: Innovative and creative thinking: Ability to anticipate future security trends and prepare the organization accordingly. Composure: Ability to work in a fast-paced environment and remain calm during active security incidents. Strong attention to detail: Ensuring precision in security policy and implementation. Empathy: Balances the need for strict security controls with developers' operational needs to remain productive. Travel: Occasional travel between Orlando and Pittsburgh offices or for security conferences and audits.