Senior Manager, Information Security

Position Overview

The Sr Manager Information Security is responsible for driving information security functions as related to specific domain(s) of cyber security. The Senior Manager is accountable for the organizations governance of information security risk domains by developing and implementing processes responsible for overseeing and managing information security risk. As part of Information Security team this role will collaborate closely with leaders in Information Technology Software Development and other departments to implement and manage Adaptives information security strategy and priorities and offer independent advice and recommendations regarding ways to further mature the information security and risk management posture and policies.

Leaders at Adaptive demonstrate behaviors consistent with Adaptives Core Values and Leadership Principles. Critical functions of your role include helping establish individual team member goals aligning those individual goals with broader team objectives and ensuring those objectives drive the achievement of company goals. Providing thoughtful coaching and consistent feedback to your team members will drive performance excellence and accountability as well as support your team members growth and development. Leaders at Adaptive create an environment of belonging respect and open and honest communication every day.

Key Responsibilities and Essential Functions

• Strategic Leadership & Governance
  • Serve as subject matter expert on information security guiding cross-functional partners and leading enterprise-wide risk committees and security reviews.
  • Participate in the definition and evolution of Adaptives cybersecurity strategy architecture and GRC roadmap aligned with business priorities.
  • Develop and maintain security reference architecture across cloud hybrid and on-prem environments
• Policy & Compliance Management
  • Drive the development and implementation of security policies and ISMS practices ensuring alignment with ISO 27001 SOC 2 TX-RAMP HIPAA and other regulatory frameworks.
  • Lead internal and external audits and certification efforts.
• Security Architecture & Control Design
  • Collaborate with IT Privacy and Engineering to design and implement layered security controls across identity access network endpoint application and data environments. Continuously evaluate and integrate emerging technologies to strengthen Adaptives security architecture.
• Risk Management & Assurance
  • Conduct enterprise risk assessments maintain the risk register and monitor key indicators to identify and remediate non-compliance.
  • Support customer audits contract negotiations and third-party risk management.
  • Lead the assessment management and response efforts for incidents vulnerabilities and other security events.
• Control Implementation & Optimization
  • Ensure effective deployment and optimization of security tools (e.g. SIEM EDR DLP IAM) ensuring controls meet GRC requirements and business needs.
  • Lead control testing continuous monitoring and third-party penetration testing engagements.
• Reporting & Stakeholder Communication
  • Develop and maintain KPIs metrics dashboards and reporting to measure the effectiveness of information security program activities.
  • Translate technical risks into business impact for non-technical stakeholders and support customer audits and inquiries.
• All other duties as assigned.

Position Requirements

• Bachelors 12 years of related experience or Masters 8 years of related experience
• Also requires 2 years of supervisory experience
• Understand Risk Management principles and the tools to ensure attention is brought to high-risk areas.
• Have solid knowledge of ISO 27001 NIST and other information security standards with some experience implementing these standards.
• Good communicator who is used to working in a dynamic environment.
• Solid attention to detail and ability to communicate that detail in summary form.
• Ability to multi-task and meet deadlines.
• Prefer one of the following certifications: certificated internal auditor; certified lead implementor CISSP CISM CISA or equivalent experience.
• Proven ability to achieve results in a fast moving dynamic environment.
• Proven understanding of information security risk assessment and technology risk management and compliance procedures and methodologies.
• Demonstrated experience leading work of others.
• Ability to establish and maintain relationships with individuals at all levels of the organization in the business community and with vendors.
• Thorough knowledge of all aspects of information security and compliance including SOC 2 ISO 27001/2 and HIPAA. Life sciences medical device or healthcare industry experience ideal particularly experience with FDA cybersecurity guidance.
• Solid understanding of application security cloud security security operations incident response and infrastructure security.
• Skilled in translating technical data into business impact information including for non-technical audiences.
• Proven analytical and problem-solving abilities.

Working Conditions

• Administrative work in a home/office environment.
• Regular weekday work hours with occasional weekend/after-hours planned or unplanned work as needed.

#LI-Remote

Compensation

Salary Range: $143200 - $214800

Other compensation elements to include:

• equity grant
• bonus eligible