Req ID: 375972
We are currently seeking a Information Security Manager (ISM) - Remote US to join our team in Irving, Texas (US-TX), United States (US).
The
Information Security Manager (ISM) serves as the primary information security advisor and trusted partner for assigned customer accounts. This
individual contributor role is responsible for overseeing and coordinating information security services delivered by NTT DATA, ensuring alignment with customer business objectives, security policies, contractual obligations, and regulatory compliance requirements.
The ISM collaborates closely with customer leadership, technical teams, and service delivery organizations to proactively identify security risks, recommend appropriate mitigation strategies, and drive continuous improvement of the customer's security posture.
A key focus of this role is the leadership and advancement of the
Threat and Vulnerability Management Program, including vulnerability identification, risk-based prioritization, remediation governance, reporting, and enterprise coordination across internal and third-party stakeholders.
The responsibilities of the ISM include:• Ensure the delivery of information security services to the customer follows the contract and any applicable standards and regulatory requirements (e.g., PCI, SOX)
• Collaborate with the client in the definition and implementation of information security policies, strategies, procedures and configurations to ensure confidentiality, integrity and availability of client's environment and data
• Participate with the customer in the strategic design process to translate security and business requirements into processes and systems
• Evaluate new / emerging security products and technologies and make recommendations to customer leadership about the security posture impact on the organization
• Identify, review and recommend information security improvements as they relate to the achievement of the customer's business goals and objectives
• Manage and drive remediation efforts related to information security; remediation may be from incidents, penetration tests, vulnerability scans, internal/external audits and Critical Practice assessments
• Identify information security weaknesses and/or gaps in the customer's current operations and work with the customer to bring information security operations up to standards
• Participate and represent IT Security in Delivery/Operational meetings; conduct an information security operational review meeting with account (e.g., Customer Delivery Executive) and customer (e.g., CISO) key stakeholders with topics including information security status and performance
• Review service management reports to ensure tickets (i.e., incidents, problems, requests, changes) related to information security, are being acknowledged, worked and Service Level Agreements are being met; provide direction on ticket remediation and ensure remediation is complete
• Conduct an ongoing security awareness program for NTT DATA personnel supporting the customer ensuring individuals understand and are compliant with the relevant information security obligations in support of the customer; program should address relevant security topics and adequately provide guidance on security policies and supporting documentation
• Cultivate trusted partner relationships with account and customer; keep consistent and open dialogue to uncover issues, challenges, risks
• Maintain an information security strategy (forward looking roadmap), for your customer, aligning services / portfolio components to the strategy
• The role will be responsible for assessing the security vulnerabilities & threats identified by the infrastructure scan. This person will work with appropriate teams across the businesses and associated 3rd parties to ensure appropriate remediation plans are defined and implemented.
• Maintaining appropriate documentation that defines the Threat & Vulnerability Management Program, Policy and Procedures.
Required Qualifications:Experience- 8+ years of experience in Information Security, Cybersecurity, Risk Management, Security Operations, or related disciplines.
- 5+ years of experience managing or leading vulnerability management, threat management, security governance, or risk remediation programs.
- Experience supporting enterprise-scale environments and customer-facing security engagements.
- Experience coordinating remediation activities across multiple technical teams and business stakeholders.
Technical Knowledge- Strong knowledge of vulnerability management methodologies, frameworks, and best practices.
- Experience with vulnerability assessment and scanning tools such as:
- Tenable/Nessus
- Qualys
- Rapid7 InsightVM
- Microsoft Defender Vulnerability Management
- Understanding of security controls across:
- Infrastructure
- Network
- Cloud platforms
- Endpoints
- Identity and Access Management
- Applications
- Knowledge of security frameworks and regulatory requirements such as:
- NIST
- CIS Controls
- ISO 27001
- PCI-DSS
- SOX
Nice-to-Have Qualifications:Preferred Experience- Experience supporting managed security services or large enterprise outsourcing engagements.
- Experience working directly with CISOs and senior executive stakeholders.
- Experience with cloud security platforms including Azure, AWS, and Google Cloud.
- Knowledge of threat intelligence, attack surface management, and security architecture principles.
- Familiarity with ServiceNow, Archer, Jira, or other governance and remediation tracking tools.
- Experience developing vulnerability management metrics, KPIs, and executive dashboards.
- Experience supporting audits and compliance assessments in highly regulated environments.
- Knowledge of security automation and orchestration practices.
Leadership Characteristics and Professional Skills- Strategic thinker with a proactive risk management mindset.
- Ability to build trusted customer relationships and influence decision-making.
- Strong facilitation and cross-functional collaboration skills.
- Continuous improvement orientation focused on measurable security outcomes.
- Strong analytical and risk assessment capabilities.
- Excellent verbal, written, and executive presentation skills.
- Ability to influence stakeholders and drive remediation efforts without direct authority.
- Strong customer relationship management and consulting skills.
- Proven ability to manage competing priorities in a fast-paced environment.
Education- Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field.
- Equivalent combination of education and relevant experience may be considered.
Certifications- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- GIAC Certifications (GSEC, GCIH, GPEN)
- Security+
- Certified Ethical Hacker (CEH)
NTT DATA provides a reasonable range of compensation for U.S.-based positions. The starting pay range for this remote role is $116,000- $226,000. This range reflects the minimum and maximum target compensation for the position across all US locations. Actual compensation will depend on a number of factors, including the candidate's actual work location, relevant experience, technical skills, and other qualifications
NTT DATA provides a reasonable range of compensation for U.S.-based positions. The starting pay range for this role is [annual salary range or hourly range]. Actual compensation will depend on a number of factors, including the candidate's relevant experience, technical skills, and other qualifications.
This position may also be eligible for incentive compensation based on individual and/or company performance. If the position offered in temporary, the position will not be eligible for incentive compensation.