Manager, Information Security
Full-time, hybrid role, Washington, D.C. or NYC
We value the time and privacy of every candidate who applies. To make sure real people don't get lost in the process, we use a structured hiring process that helps qualified applicants receive the attention they deserve. This includes several steps, with an in-person, skill-based interview as the final stage. Candidates should be willing and able to participate in an in-person, technically focused interview as part of the process.
No third-party candidates or vendors please.
Position Summary
An established organization operating in a highly information-sensitive environment is seeking an experienced cybersecurity leader to oversee and advance its enterprise security capabilities. This role is responsible for protecting systems, data, and users while partnering closely with technology teams across infrastructure, operations, and application platforms.
The individual in this position will guide the continued development of the organization's security program, helping identify and mitigate risk while ensuring strong operational security practices across the technology environment. The role blends leadership, technical collaboration, and strategic planning.
This is a strong opportunity for someone who enjoys building mature security practices in organizations where confidentiality, reliability, and client trust are essential.
Primary Responsibilities
Security Program Development
- Guide the ongoing evolution of the organization's cybersecurity strategy and operational practices
- Develop and maintain security standards, procedures, and internal controls that support enterprise risk management
- Establish metrics and reporting mechanisms to provide leadership visibility into security posture and improvement initiatives
- Promote a culture of security awareness and responsible data handling across the organization
Risk and Threat Management
- Identify, assess, and prioritize security risks across infrastructure, cloud platforms, applications, and user environments
- Oversee vulnerability management activities and work with technology teams to coordinate remediation efforts
- Lead incident response coordination and support investigation and recovery activities when security events occur
- Monitor emerging threats and recommend adjustments to security controls as needed
Collaboration with Technology Teams
- Partner with infrastructure, engineering, and operations teams to integrate security best practices into system design and technology operations
- Support evaluation of third-party vendors and technology providers from a security and risk perspective
- Provide guidance on secure system configuration, access controls, and data protection strategies
Leadership and Communication
- Provide clear updates to technology and business leadership on risk trends, security initiatives, and program priorities
- Mentor and support security staff while helping build consistent security practices across teams
- Translate technical risk concepts into actionable insights for non-technical stakeholders
Technology Environment
The organization operates within a modern enterprise technology environment that includes cloud services, collaboration platforms, enterprise applications, and distributed endpoint systems. Security technologies support areas such as identity management, endpoint protection, network monitoring, and centralized threat detection.
The security leader works closely with infrastructure and operations teams to ensure consistent protection across systems, users, and data.
Background That Typically Works Well
Successful candidates often come from roles such as:
- Information Security Manager
- Cybersecurity Manager
- Senior Security Engineer with leadership responsibilities
- Security Architect transitioning into a broader program leadership role
Required Experience
- Approximately 7+ years of experience in cybersecurity, information security, or related technical disciplines
- Experience leading security initiatives, projects, or teams within enterprise environments
- Strong understanding of incident response, threat detection, and vulnerability management
- Familiarity with common security frameworks such as NIST or ISO-based standards
- Experience working with security technologies such as SIEM platforms, endpoint protection, identity and access management, or network security tools
- Ability to communicate complex technical issues to both technical and non-technical stakeholders
Preferred Qualifications
- Experience working in environments where protecting sensitive client or business data is critical
- Exposure to vendor risk management, compliance programs, or audit processes
- Professional certifications such as CISSP, CISM, or related security credentials