Senior Information Engineer Manager

Position Summary

The Fulcrum GT Senior Information Engineer Manager will lead the design implementation and management of controls that support enterprise-level security frameworks and compliance. This role will be responsible for ensuring that Fulcrum GT maintains a robust security posture across multiple standards including SOC 2 ISO/IEC 27001 ISO/IEC 42001 CSA STAR Level 2 and CyberEssentials. The Fulcrum GT Senior Information Engineer Manager will possess deep technical expertise in implementing and managing security controls across enterprise infrastructure identity systems and cloud environments.

Key Responsibilities

• Design implement and maintain security controls that support compliance with SOC 2 Type II ISO/IEC 27001 ISO/IEC 42001 CSA STAR Level 2 and CyberEssentials standards.
• Oversee the enterprise Identity and Access Management (IAM) program including role-based access controls privileged access management and access governance processes.
• Manage secure authentication systems including multi-factor authentication (MFA) and single sign-on (SSO).
• Implement and maintain malware protection solutions across endpoints servers and cloud workloads including next-generation antivirus and endpoint detection and response (EDR) platforms.
• Design and enforce data loss prevention (DLP) strategies and technologies to protect sensitive information across email endpoints network and cloud environments.
• Establish and maintain IT asset configuration management processes including configuration baselines change control and automated compliance monitoring.
• Lead the technical vulnerability management program including vulnerability scanning assessment prioritization remediation tracking and exception management.
• Collaborate with VP Director of Infrastructure and CISO to architect and implement cloud security controls across GCP and Azure.
• Oversee physical security monitoring systems including access control systems and integration with logical security controls.
• Collaborate with VP and CISO on security assessments gap analyses and remediation efforts.
• Collaborate with external auditors during security assessments audits and certification processes.
• Provide technical leadership and mentorship to the security team fostering a culture of continuous improvement and security awareness.

Core Technical Expertise

Identity and Access Management (IAM)

• Extensive experience with enterprise IAM platforms.
• Implementation of RBAC ABAC and least-privilege access models.
• Privileged access management (PAM) and secrets management solutions.
• Identity lifecycle management and automated provisioning/de-provisioning.

Secure Authentication

• Multi-factor authentication (MFA) implementation and enforcement.
• Single sign-on (SSO) integration and federation protocols (SAML OAuth 2.0 OIDC).
• Certificate-based authentication and PKI management.

Malware Protection

• Enterprise antivirus and anti-malware deployment and management.
• Endpoint detection and response (EDR) and extended detection and response (XDR) platforms.
• Threat intelligence integration and automated response capabilities.
• Malware analysis and incident response procedures.

Data Loss Prevention

• Enterprise DLP solution implementation.
• Data classification and labeling strategies.
• Content inspection and policy enforcement across network endpoint and cloud.
• Encryption and tokenization technologies for data protection.

IT Asset Configuration Management

• Configuration management tools.
• Security baseline development and enforcement.
• Automated compliance scanning and drift detection.
• Infrastructure as Code (IaC) security and configuration validation.

Technical Vulnerability Management

• Vulnerability assessment tools.
• Vulnerability prioritization.
• Patch management processes and automation.
• Penetration testing coordination and vulnerability validation.

Physical Security Monitoring

• Physical access control systems (PACS) and badge management.
• Integration of physical and logical security controls.

Compliance and Standards Expertise

• SOC 2 Type II: Understanding of Trust Service Criteria and evidence requirements for security availability processing integrity confidentiality and privacy.
• ISO/IEC 27001: Experience in supporting an Information Security Management System (ISMS) and Annex A controls.
• ISO/IEC 42001: Knowledge of AI Management System requirements and controls for artificial intelligence governance.
• CSA STAR Level 2: Familiarity with Cloud Controls Matrix (CCM) and Cloud Security Alliance attestation requirements.
• CyberEssentials: Understanding of UK government cyber security certification requirements including boundary firewalls secure configuration access control malware protection and patch management.

Required Qualifications

• Bachelors degree in Computer Science Information Security or related technical field (or equivalent experience).
• Minimum 7-10 years of experience in IT or information security with at least 3 years in a leadership role.
• Hands-on technical experience implementing and managing security controls in enterprise environments.
• Deep understanding of security frameworks including NIST CSF CIS Controls and MITRE ATT&CK.
• Knowledge of emerging technologies including AI/ML security zero-trust architecture and DevSecOps.
• Scripting and automation skills (e.g. Python PowerShell Bash Terraform).

Key Competencies

• Ability to align security initiatives with business objectives.
• Strong analytical and problem-solving abilities.
• Continuous learning mindset to stay current with evolving threats and technologies.
• Collaborative approach with ability to work across technical and business teams.

Benefits

• Competitive Health Dental and Vision Insurance
• Pet Insurance
• 401k
• Flexible schedule
• Paid Holidays plus Paid Time Off

Job Type

• Full-time

Language

• English (Required)