Information Security Manager

Wisconsin Foundation and Alumni Association

$100K — $130K *
US-AnywhereRemote in Madison, WI
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree in Information Technology, Computer Science, or equivalent experience.
  • 7+ years in cybersecurity or related field with progressive responsibility.
  • 3+ years in leading technical security teams.
  • 5+ years of hands-on experience with enterprise security tools and technologies.
  • Experience managing relationships with security vendors and MDR providers.
  • Demonstrated experience driving security process improvements and automation.

Responsibilities

  • Lead the compliance with regulatory frameworks and internal policies including HIPAA and PCI-DSS.
  • Oversee vulnerability management efforts and coordinate risk assessments and compliance audits.
  • Partner with senior leadership to define and execute the strategic roadmap for security programs.
  • Ensure timely triage and resolution of security incidents, acting as an escalation point.
  • Champion automation and AI-enabled security tooling to improve operational efficiency.
  • Manage and develop the security team, including performance management and career development.
  • Foster a culture of security accountability and lead the security awareness training program.

Benefits

  • Generous 10% 401k contribution after just one year of service.
  • Competitive pay and outstanding benefits program.
  • Opportunities for professional development and training.
Full Job Description
Overview

The Information Security Manager is responsible for leading and continuously improving the security posture, day-to-day operations, security engineering, incident response, vulnerability management, and governance, risk, and compliance (GRC) functions, and executing the organization’s strategic direction. This role is also highly focused on operational excellence, a security-first culture, and a strong mandate to drive automation and AI adoption across security operations. This position provides direct people leadership and technical oversight across the security program, recommending and setting standards and metrics to ensure a resilient and proactive and effective security posture. The Information Security Manager partners closely with the Sr. Managing Director, Infrastructure & Security, Infrastructure & Security team members, and other stakeholders to translate organizational priorities into actionable security roadmaps, ensuring consistent operational excellence across all security functions, and to develop the engineers and administrators within the team.

 

The ideal candidate combines deep technical credibility in cybersecurity with proven people management skills, strong judgment under pressure, and the ability to influence security culture and provide security education across technical and non-technical teams. This is a hybrid position that will require you to work on-site in our Madison, WI office location at least two days a week.   

 

Essential Functions

Security Governance, Risk & Compliance 

  • Lead and oversee the compliance with regulatory frameworks and internal policy requirements including HIPAA, PCI-DSS, and NIST.
  • Ensure consistent application of security patches, vulnerability remediation, access controls, and configuration hardening across endpoints, servers, cloud workloads, and network environments.
  • Lead and oversee vulnerability management efforts, risk assessments, and compliance audits, ensuring findings are prioritized and remediated in alignment with business risk tolerance.
  • Oversee the development and maintenance of security policies, standards, and procedures across the organization.
  • Lead or oversee penetration testing efforts and coordinate remediation of identified vulnerabilities.
  • Oversee third-party risk management processes, ensuring vendor security practices are evaluated and contractual security requirements are enforced.
  • Promote a culture of security accountability and risk-informed decision-making across technical and business teams.
  • Lead and oversee the security awareness training program for the organization.

 Strategic Direction & Stakeholder Management

  • Partner with the Sr. Managing Director, Infrastructure & Security to define and execute the strategic roadmap for the organization’s security program.
  • Translate organizational and business priorities into actionable project plans, resourcing decisions, and operational standards.
  • Provide architectural and operational oversight for security initiatives, ensuring alignment with infrastructure standards, compliance requirements, and scalability needs.
  • Serve as an escalation point and primary liaison with external security vendors, Managed Detection & Response (MDR) providers, third-party security partners, overseeing service deliver, performance and SLA compliance.
  • Stay current with industry trends, emerging threats, threat intelligence, and vendor roadmaps to inform security strategy, tooling, and investment decisions.
  • Report on team performance, project status, capacity, security posture and risk to the Sr. Managing Director and other stakeholders, including budget and resourcing recommendations.
  • Drive cross-functional collaboration with other Infrastructure & Security teams on security requirements and shared initiatives.

Security Optimization, Automation & AI Enablement 

  • Oversee the day-to-day operations of the Security team, ensuring a reliable, proactive, and high-performing security program across the organization’s technology environments.
  • Ensure timely triage, escalation, and resolution of security incidents, acting as an escalation point for complex or high-impact security events.
  • Review and approve security changes, ensuring adherence to change management practices and minimizing operational and security risk.
  • Oversee root cause analysis, post-incident reviews, and remediation planning for significant security incidents, breaches, or degradations.
  • Ensure incident response plans, disaster recovery procedures, and business continuity mechanisms are maintained and regularly tested in collaboration with cross-functional teams.
  • Champion automation, scripting and AI-enabled security tooling to reduce manual effort and improve operational efficiency across security operations.
  • Maintain oversight of technical documentation, security configuration standards, and monitoring/alerting baselines for all security systems.
  • Manage and prioritize the security project portfolio, ensuring projects are delivered on time, within scope, and aligned with business needs.
  • Work cross-functionally within the Infrastructure & Security team to identify and assist with operational optimization for other teams

Team Leadership & Development 

  • Lead, coach, and develop the security team including hiring, onboarding, performance management, and career development.
  • Set team goals, workload priorities, staffing plans, schedules, on-call rotations, and after-hours coverage to support reliable security operations.
  • Conduct regular one-on-ones, performance reviews, and development planning to build technical depth, bench strength, and succession readiness.
  • Foster a collaborative, accountable, service-oriented culture that emphasizes security excellence, customer engagement, documentation, continuous learning, innovation, and operational ownership.
  • Identify skills gaps and training needs and coordinate certifications and professional development opportunities for team members.
Qualifications

Required Qualifications:

  • Bachelor’s degree in Information Technology, Computer Science, or relevant experience that provides equivalent knowledge, skills, or abilities.
  • 7 + years of progressive experience in cybersecurity, security engineering, or a related field.
  • 3 + years of experience directly managing or leading technical security teams, including hiring, performance management, and staff development.
  • 5 + years of hands-on experience with enterprise security tools and technologies, including SIEM, EDR, IDS/IPS, firewalls, and endpoint protection platforms.
  • 5 + years of experience with security architecture, incident response, vulnerability management, and compliance programs.
  • Experience managing relationships with Managed Detection & Response (MDR) providers, security vendors, and other third-party security partners.
  • Demonstrated experience leading cross-functional security projects using established project management methodologies.
  • Demonstrated success driving security process improvements, automation, or operational optimization initiatives.
  • Familiarity with regulatory frameworks and compliance standards including HIPAA, PCI-DSS, and NIST.
  • Deep understanding of cybersecurity principles, protocols, architecture, and best practices.
  • Proven ability to lead, motivate, and develop technical security teams.
  • Strong understanding of regulatory frameworks, compliance standards, and enterprise risk.
  • Excellent analytical, problem-solving, and decision-making skills, with the ability to prioritize competing demands.
  • Ability to work under pressure and manage multiple complex initiatives simultaneously.
  • Strong communication, interpersonal, and stakeholder management skills, including the ability to present to senior leadership.
  • Ability to design, document, and maintain effective procedures, processes, and automations.
  • Capable of maintaining a high degree of confidentiality and responsibility regarding information related to WFAA and any affiliate organizations.
  • Energetic, motivated, service-oriented, and able to effectively manage multiple competing priorities.
  • Flexible to new situations and challenges, and an advocate for change.
  • Experience implementing or managing AI-enabled security operations, security automation frameworks, or SOAR platforms.
  • Ability to lead cross-functional projects using lightweight project management practices.
  • Ability to understand business needs and balance usability and security.

Other Qualifications:

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
  • Strong analytical and reporting skills with experience building dashboards and using service data to drive prioritization, root-cause analysis, and continuous improvement.

 

At WFAA, we are dedicated to creating an inspiring, creative, and respectful work environment for our employees. We offer competitive pay and an outstanding benefits program, including a generous 10% 401k contribution after just one year of service! Join us and be part of a team that values your growth and well-being. Click here to learn more about our employee benefits

 

Similar Jobs

More Jobs at Wisconsin Foundation and Alumni Association

More Information Technology Jobs

Find similar Information Security Manager jobs: