Senior Manager, Information Security

{"description": "Onto Innovation is a leader in process control, combining global scale with an expanded portfolio of leading-edge technologies that include: 3D metrology spanning the chip from nanometer-scale transistors to micron-level die-interconnects; macro defect inspection of wafers and packages; metal interconnect composition; factory analytics; and lithography for advanced semiconductor packaging. Our breadth of offerings across the entire semiconductor value chain helps our customers solve their most difficult yield, device performance, quality, and reliability issues. Onto Innovation strives to optimize customers' critical path of progress by making them smarter, faster and more efficient.

Job Summary & Responsibilities

The Senior Manager of Information Technology is responsible for IT governance, risk, compliance, and operational readiness across Onto Innovation's global environment. Reporting to the Senior Director of IT and Security, this role leads regulatory compliance initiatives, cybersecurity posture management, incident response readiness, business continuity and disaster recovery programs, vulnerability management, vendor and partner risk management, and contributes to Onto's multi-year IT and security strategy.
Key Responsibilities
Compliance & Governance

• Lead IT compliance programs aligned to ISO/IEC 27001, CMMC Level 2, SEMI E187, and SOX IT controls.
• Translate regulatory requirements into actionable policies, standards, procedures, and audit evidence.
• Drive audit readiness, internal assessments, remediation activities, and continuous compliance improvement.
• Partner with Legal, HR, Compliance, Finance, Facilities, Operations, Service, and Engineering teams on enterprise risk initiatives.

Cybersecurity Posture & Vulnerability Management

• Own and mature cybersecurity posture management practices across infrastructure, endpoints, and cloud services.
• Oversee vulnerability management programs, including risk-based prioritization, remediation tracking, and executive reporting.
• Partner with Infrastructure, Security Operations, and Engineering teams to reduce attack surface and improve resilience.
• Drive our IT Security program forward with a defense in depth and continuous improvement mindset.
• Continuously assess and validate security controls effectiveness and drive improvements based on threat intelligence and risk trends.

Incident Response & Readiness

• Own incident response planning and execution for IT and cybersecurity incidents.
• Design and lead tabletop exercises, purple team drills, and post-incident reviews.
• Maintain incident response playbooks, escalation paths, and executive communications.
• Drive continuous improvement through lessons learned and after-action reviews.

Business Continuity & Disaster Recovery

• Own and mature Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).
• Define and validate RTO/RPO objectives across hybrid on-prem and cloud environments.
• Lead and coordinate DR testing, recovery exercises, and continuous improvement efforts.

Vendor, Partner & Supply-Chain Risk Management

• Lead vendor, partner, and supply-chain IT and cybersecurity risk management programs.
• Define security requirements for vendors, contract manufacturers, and extended factory partners.
• Oversee onboarding assessments, remediation tracking, and ongoing risk reviews.
• Support vendor audits, security reviews, and contractual security obligations in partnership with Procurement and Legal.

Strategic Planning & Continuous Improvement

• Contribute to the development and execution of Onto's 3-year IT and Security strategic roadmap.
• Apply a continuous improvement mindset to compliance, security posture, incident readiness, and resilience programs.
• Identify capability gaps, emerging risks, and investment priorities across people, process, and technology.
• Support annual planning, budgeting, and executive reporting tied to multi-year strategy.

Agile, Global IT Leadership

• Operate within an Agile, globally distributed IT organization.
• Develop metrics, dashboards, and executive reporting for compliance, cybersecurity posture, and operational readiness.

• Influence cross-functional teams through collaboration, leadership, and subject-matter expertise.

Qualifications

• 10+ years of progressive experience in IT leadership, cybersecurity, or enterprise risk management.
• Demonstrated leadership of ISO 27001, CMMC Level 2, and SOX IT control programs.
• Experience contributing to multi-year (3+ year) IT or security strategic planning and roadmaps.
• Hands-on experience with cybersecurity posture management and vulnerability management programs.
• Strong understanding of incident response, BCP/DRP, and operational resilience in hybrid IT environments.
• Experience managing vendors, partners, and supply-chain IT/security risk.
• Strong executive communication, stakeholder management, and continuous improvement mindset.

Preferred Qualifications

• Experience with SEMI E187/E188 or manufacturing-focused frameworks.
• Familiarity with NIST CSF, NIST 800-53, or NIST 800-171.
• Experience supporting global operations across North America, Europe, and APAC.
• Background in semiconductor, advanced manufacturing, or IP-sensitive industries.
• Experience translating strategy into measurable OKRs, KPIs, and risk metrics.

Leadership Competencies

• Continuous improvement and risk-based decision-making mindset.
• Executive presence and calm decision-making under pressure.
• Ability to balance long-term strategy with near-term execution.
• Strong collaboration across technical, business, and partner organizations.
• High integrity, accountability, and operational discipline.

Why Join Onto Innovation?

At Onto Innovation, we believe your work should matter-and so should your well-being. That's why we offer competitive salaries and a comprehensive benefits package designed to support you and your family. From health, dental, and vision coverage to life and disability insurance, PTO, and a 401(k) with employer match, we've got you covered. You'll also enjoy access to our Employee Stock Purchase Program (ESPP), wellness initiatives, and cutting-edge tools-all within a collaborative, inclusive culture where your contributions are valued and recognized.

Compensation & Growth

Base Salary Range:
$120,000.00 - $180,000.00, offered in good faith and based on experience, location, and qualifications.

• Additional Rewards: Annual bonus opportunities and potential long-term incentives tied to both company and individual success.

Empowering Every Voice to Shape the Future:

Onto Innovation is committed to creating a workplace where every qualified candidate has an equal opportunity to succeed. We evaluate applicants based on skills, experience, and potential - without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, veteran status, or any other characteristic protected by law. We believe diversity of thought and background drives innovation and strengthens our team.

Important Note on Export Compliance

For certain positions requiring access to technical data, U.S. export licensing review may be necessary for applicants who are not U.S. Citizens, Permanent Residents, or other protected persons under 8 U.S.C. 1324b(a)(3).", "salary_raw": "Row(double=None, string='USD 120,000.00 - 180,000.00 per year')"}