Job Details
Job Title: Project Manager Security
We are seeking a highly motivated and experienced Project Manager Security to lead and deliver key security initiatives across our organization. The ideal candidate will have a strong background in cybersecurity and enterprise security programs, coupled with proven expertise in managing large-scale security projects, including during mergers and acquisitions (M&A). This role is critical to ensuring the confidentiality, integrity, and availability of our systems and data while aligning security programs with business and regulatory requirements.
Key Responsibilities:
1. Project Planning and Execution:
- Lead and manage security projects from inception to completion, ensuring projects are delivered on time, within scope, and within budget.
- Develop detailed project plans that outline scope, deliverables, timelines, resources, risks, and success metrics.
- Collaborate with cross-functional teams, including information security, IT, compliance, legal, and business units, to ensure alignment with organizational goals.
- Track project performance, manage project budgets, and apply corrective actions as needed to keep initiatives on track.
2. M&A Security Integration:
- Oversee security integration efforts during mergers, acquisitions, or organizational transitions, ensuring seamless unification of security controls, tools, and frameworks.
- Manage the consolidation and optimization of security technologies, policies, and procedures to mitigate risks and ensure business continuity.
- Lead security assessments during M&A activities to identify vulnerabilities, gaps, and risks, and develop comprehensive remediation and integration plans.
- Ensure that security standards, incident response capabilities, and business resilience strategies are maintained throughout the M&A process.
3. Security Architecture and Implementation:
- Oversee the implementation of security controls and technologies such as SIEM, endpoint protection, DLP, firewalls, and intrusion detection/prevention systems.
- Ensure security solutions align with industry best practices, regulatory requirements, and evolving threat landscapes.
- Partner with security architects and engineers to implement technical solutions that protect sensitive assets and data.
4. Stakeholder Management and Communication:
- Provide clear, consistent, and timely communication to key stakeholders, including senior leadership, risk management, and technical teams.
- Facilitate collaboration between security, IT, and business units to address security challenges and ensure successful project delivery.
- Manage expectations of internal and external stakeholders during security transitions, integrations, or enhancements.
5. Risk and Issue Management:
- Identify and assess potential security risks and issues associated with projects or integrations and develop effective mitigation strategies.
- Conduct regular security risk assessments to ensure controls are effective and compliant with policies and regulations.
- Resolve security-related issues in a timely manner to avoid business disruptions or non-compliance.
6. Compliance and Governance:
- Ensure security projects and initiatives meet regulatory and industry compliance requirements (e.g., GDPR, HIPAA, SOX, PCI-DSS, NIST).
- Partner with compliance and risk management teams to ensure audit readiness and adherence to corporate governance policies.
- Implement and maintain policies and procedures related to information security, data privacy, and cybersecurity risk management.
7. Continuous Improvement:
- Identify opportunities to enhance security processes, technologies, and project delivery methodologies.
- Stay up to date with the latest security trends, technologies, and regulatory changes, and recommend improvements as appropriate.
- Promote a culture of security awareness and continuous improvement across the organization.
Required Skills and Experience:
1. Technical Expertise:
- Strong understanding of enterprise security technologies, including SIEM, IDS/IPS, endpoint protection, DLP, encryption, identity management, and cloud security.
- Familiarity with security frameworks and standards such as NIST, ISO 27001, CIS Controls, and COBIT.
- Hands-on experience managing security implementations, upgrades, and integrations in on-premises and cloud environments.
- Direct experience with security challenges and controls associated with M&A activities.
2. Project Management Skills:
- Proven experience managing complex security projects, including budgeting, scheduling, resource management, and risk management.
- Proficiency with project management methodologies (Agile, Waterfall, or hybrid approaches).
- Strong problem-solving skills and ability to handle competing demands in a fast-paced environment.
3. Communication and Collaboration:
- Excellent verbal and written communication skills, with the ability to present security concepts to both technical and non-technical audiences.
- Strong ability to build relationships and collaborate effectively with IT, security, compliance, and business stakeholders.
- Demonstrated success managing stakeholder expectations and resolving project roadblocks.
4. M&A Experience:
- Experience leading security due diligence, risk assessments, and integration planning during mergers, acquisitions, or divestitures.
- Understanding of the unique security and compliance risks associated with M&A transactions.
5. Compliance and Security Awareness:
- Strong knowledge of regulatory and compliance standards relevant to information security.
- Familiarity with cybersecurity risk management, incident response planning, and security operations.
- Ability to ensure secure and compliant integration of security programs during organizational transitions.
Preferred Qualifications:
- PMP, CISSP, CISM, CRISC, or similar certifications.
- Experience in security program delivery within highly regulated industries (e.g., financial services, healthcare, insurance).
- Knowledge of cloud-native security tools (AWS Security Hub, Azure Security Center, etc.).
- Experience with business continuity planning and disaster recovery in the context of security programs.