Cybersecurity Manager

VDart Inc


Job Location:

Denver, CO - USA

Monthly Salary: Not Disclosed
Posted on: 6 days ago
Vacancies: 1 Vacancy

Job Summary

Job Title: Cybersecurity Manager

Duration: Contract (Long - Term)

Location: Garden City, NY; San Ramon, CA; San Jose, CA; San Francisco, CA; Los Angeles, CA; Dallas, TX; Portland, OR; Chicago, IL; Philadelphia, PA; St. Louis, MO; Atlanta, GA; Duluth, GA; Denver, CO

Top 3 Skills

  • Planning and strategy execution
  • Azure
  • Financial compliance

Role summary

Leadership role responsible for cybersecurity program execution, compliance operations (ISO 27001, SOC 2), and risk management within Core Technology. This role will expand Client cybersecurity capabilities from primarily compliance-focused to strategically driven security engineering with a clear, measurable roadmap.

Mission

Protect business operations and client data through measurable risk reduction, audit-ready compliance execution, and security controls that enable business velocity without unacceptable risk. Establish s first comprehensive cybersecurity roadmap with prioritized initiatives, clear ownership, and transparent progress tracking.

Core outcomes

  • Multi-year cybersecurity roadmap with prioritized, funded initiatives
  • Strategic expansion of cybersecurity engineering capabilities
  • Measurable cybersecurity risk reduction across the firm
  • Audit-ready compliance (ISO 27001, SOC 2) with clean audits
  • Fast, effective M&A security due diligence
  • Predictable operations with intake tracking and decision documentation
  • Risk posture visibility for leadership decision-making
  • High-performing cybersecurity and compliance team

Key responsibilities

Strategic planning and roadmap development

Build and maintain multi-year cybersecurity roadmap aligned to business objectives

Conduct annual risk assessments and prioritize top risks with clear mitigation plans

Define security architecture vision and incremental implementation phases

Establish measurable security metrics and KPIs with executive dashboards

Present strategic security initiatives to leadership with business cases and ROI

Balance long-term strategic initiatives with tactical operational demands

Drive annual security budget planning with justified resource requirements

Cybersecurity function expansion

Transition team from compliance-focused to a balanced security engineering and compliance model

Identify capability gaps and build hiring plan for cybersecurity engineers

Implement security operations center (SOC) capabilities or managed service partnerships

Establish threat intelligence program with proactive threat hunting

Expand from reactive security to proactive security posture management

Define clear escalation paths and on-call rotation for security incidents

Mature incident response from ad hoc to a structured, playbook-driven approach

Cybersecurity program leadership

Lead cybersecurity strategy with prioritized, measurable risk reduction initiatives

Implement security engineering standards and control frameworks

Drive incident response readiness and rapid threat containment

Partner with infrastructure, networking, and DevOps on security architecture

Provide practical security guidance that enables business outcomes

Drive cloud security strategy across Azure, AWS, and SaaS applications

Address AI/ML security risks as firm expands AI capabilities

Compliance execution

Own ISO 27001 and SOC 2 compliance programs and audit execution

Maintain audit-ready evidence and compliance documentation

Manage security questionnaires and assessments for clients

Coordinate penetration testing and vulnerability remediation

Ensure compliance with regulations (GDPR, HIPAA, state privacy laws)

M&A security due diligence

Assess cybersecurity and compliance posture of acquisition targets

Identify security risks and integration requirements

Provide clear risk recommendations to deal teams

Support secure integration of acquired firms

Balance security rigor with M&A timeline constraints

Operations and governance

Run predictable intake, prioritization, and execution model

Implement escalation paths with clear on-call coverage

Track decisions, actions, and risk acceptance through governance

Provide regular security and compliance reporting to leadership

Drive continuous improvement through metrics and post-incident reviews

Ensure all security meetings produce documented decisions or actions

Team leadership

Build and develop cybersecurity and GRC analyst capabilities

Recruit and onboard cybersecurity engineers to expand technical depth

Provide clear ownership and accountability for team deliverables

Create career development paths for security professionals

Foster collaboration across IT and business stakeholders

Model extreme ownership and solution-oriented leadership

Required experience

7 years cybersecurity or GRC experience

5 years leading security or compliance teams

Proven track record building cybersecurity roadmaps and strategic plans

Experience expanding security teams and capabilities

Audit program management (ISO 27001, SOC 2, or equivalent)

Security engineering and architecture experience

M&A security due diligence experience

Required technical knowledge

Security frameworks (NIST, ISO 27001, SOC 2, CIS Controls)

Security tools (SIEM, EDR, DLP, vulnerability management, GRC platforms)

Cloud security (Azure, AWS, or GCP)

Identity and access management

Incident response and threat analysis

Security compliance and audit processes

Risk assessment and management methodologies

Cybersecurity maturity models and capability assessment

Security metrics, KPIs, and executive reporting

Required leadership capabilities

Strategic thinking with ability to translate business objectives into security roadmaps

Program management of multi-year, multi-initiative security programs

Building and developing high-performing teams

Clear communication of security risks to executives and non-technical audiences

Stakeholder management across IT, legal, HR, and business units

Decision-making under uncertainty with clear risk tradeoffs

Ownership mentality with accountability for results

Ability to articulate the "why" behind security decisions and provide clear recommendations

Preferred

Accounting or financial services industry knowledge

Microsoft security stack expertise (Defender, Sentinel, Purview, Entra ID)

GRC platform experience (Vanta, OneTrust, ServiceNow GRC)

Penetration testing or offensive security background

Zero Trust architecture implementation experience

AI/ML security and responsible AI framework knowledge

Certifications: CISSP, CISM, CISA, ISO 27001 Lead Auditor, Azure Security Engineer
