Senior Manager, Information Security

Position Summary:

The Senior Manager Information Security leads the design implementation and oversight of enterprise-wide information security programs ensuring the confidentiality integrity and availability of company systems and data. This role is responsible for risk management regulatory compliance vendor security incident response and security awareness initiatives. The position requires deep technical knowledge of security practices cloud environments and regulatory frameworks combined with strong leadership communication and collaboration skills to work cross-functionally across the organization and with external partners.

Primary Responsibilities

Planning and Processes:

• Research and stay informed of potential information security threats industry trends emerging technologies and response alternatives.
• Identify assess and deploy security technology solutions and partners.
• Conduct regular assessments of the IT security environment to identify cybersecurity gaps and evaluate potential risk exposure.
• Lead the development implementation and monitoring of IT security policies standards procedures and guidelines.
• Collaborate on technology projects to ensure security issues are addressed throughout the project life cycle.
• Provide oversight for cloud security architecture including identity and access management (IAM) data protection encryption and security configuration for SaaS IaaS and PaaS environments.
• Evaluate and monitor third-party vendor security practices through regular assessments risk evaluations and contract reviews to ensure compliance with company standards and regulatory requirements.
• Collaborate on disaster recovery business continuity planning and incident response processes.

Operational:

• Lead the enterprise-wide security incident response program coordinating containment investigation root cause analysis lessons learned and post-incident reporting.
• Ensure that network devices and PCs are maintained via upgrades patches and updates with appropriate security controls.
• Maintain manage and monitor compliance with security control frameworks such as NIST Cybersecurity Framework (NIST CSF) and Payment Card Industry (PCI DSS).
• Serve as a technical subject matter resource on security-related projects.
• Ensure data integrity confidentiality and protection of company systems.
• Lead contracted security assessments and drive remediation partnering with business and IT teams.
• Work with auditors to demonstrate processes and ensure appropriate levels of access throughout the information lifecycle.
• Design deliver and continuously improve security training programs phishing simulations and awareness campaigns.
• Lead compliance efforts with regulatory frameworks including CCPA PCI DSS and applicable privacy/security laws.
• 24x7 on-call availability in the event of an emergency.

Knowledge Skills and Abilities:

• Knowledge of trends and developments in technology relating to security and risk management.
• Strong understanding of information security controls risks and threats.
• Knowledge of enterprise security technologies such as VPN encryption firewalls intrusion detection/prevention and anti-virus (Crowdstrike experience preferred).
• In-depth understanding of cloud security principles and architectures (AWS Azure GCP) workload protection identity governance and secure configuration management.
• Knowledge of information security standards data privacy laws and federal data protection regulations.
• Experience with security audits customer security questionnaires and regulatory assessments.
• Ability to analyze prioritize and mitigate security risks across technology and business processes including vendor risk and supply chain risk.
• Excellent communication skills; ability to convey technical concepts to non-technical audiences.
• High integrity and professionalism.
• Ability to manage multiple priorities and meet deadlines.

Qualifications:

• Bachelors degree in information technology cybersecurity or a related field.
• Minimum 5-7 years of progressive experience in information security with at least 2 years in a leadership or management role.
• Security certifications such as Security CISSP CISM GIAC or cloud security certifications (e.g. CCSP AWS Security) strongly preferred.
• Prior experience with a business or financial services firm is preferred.

Additional Comments:

• Hours: 8:00 a.m. 5:00 p.m.; some overtime may be required.
• Location: This position is based out of our corporate office in Wayne PA with a hybrid work schedule requiring three days in the office per week.
• Travel: Occasional local travel and infrequent air travel.

AD is proud to be an equal employment opportunity employer. Qualified candidates are considered for employment without regard to race religion gender gender identity sexual orientation national origin age military or veteran status disability or any other characteristic protected by applicable law. At AD we support a collaborative and inclusive environment. We value open participation from individuals with different ideas experiences and perspectives which we believe make AD a better place to work.