Job Description:
Location: 100% remote, must live in Central or Eastern Region
Salary Range: $150,000 - $165,000
Summary
The Cybersecurity Manager is a senior role responsible for leading, maturing, and hands-on execution of the organization’s information security program. Operating across a large enterprise environment of 2,500–10,000 employees in a hybrid cloud/on-premise landscape, this individual will serve as both a strategic program leader and a working technical practitioner. With one direct report, the Cybersecurity Manager must be capable of operating independently, driving security initiatives end-to-end, and building a scalable security function aligned to industry best practices including NIST CSF, CIS Controls, and ISO 27001.
- Own and mature the organization’s information security program and policy framework
- Lead risk assessments and maintain the enterprise risk register with remediation tracking
- Develop and enforce security policies, standards, and procedures aligned to NIST CSF and CIS Controls
- Report security posture, risk trends, and program metrics to senior leadership and stakeholders
- Manage internal and external audit engagements related to cybersecurity
- Oversee day-to-day security monitoring across SIEM, EDR, and network detection tooling
- Define detection and alerting strategies; tune rules to reduce false positives
- Review and triage escalated alerts; serve as a hands-on analyst when needed
- Maintain and improve SOC playbooks, runbooks, and escalation procedures
- Serve as the Incident Response lead for all cybersecurity events and breaches
- Develop, maintain, and exercise the Incident Response Plan (IRP) and associated playbooks
- Coordinate cross-functional response with IT, Legal, HR, and Executive leadership
- Conduct post-incident reviews and drive remediation of identified gaps
- Oversee security architecture reviews for on-premise and cloud environments (AWS, Azure, or GCP)
- Ensure security-by-design principles are applied to infrastructure changes and new deployments
- Manage vulnerability management program including scanning, prioritization, and remediation tracking
- Partner with IT and DevOps teams to embed security controls into the SDLC and cloud pipelines
- Govern IAM strategy including role-based access control (RBAC), least privilege, and access reviews
- Oversee MFA, SSO, and privileged access management (PAM) implementations
- Conduct and manage periodic user access certifications across enterprise systems
- Partner with HR and IT on joiner/mover/leaver lifecycle processes
- Manage and mentor one direct report (Cybersecurity Analyst / Engineer)
- Define team priorities, manage workload distribution, and conduct performance reviews
- Build and maintain a multi-year cybersecurity roadmap aligned to organizational risk appetite
- Manage security tool stack, vendor relationships, and departmental budget
Requirements
- 7+ years of experience in cybersecurity, with at least 2 years in a lead or management capacity
- Demonstrated hands-on experience across two or more security domains (GRC, SOC, IR, Cloud Security, IAM, TPRM)
- Proficiency with SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar)
- Experience with vulnerability management tools (e.g., Tenable, Qualys, Rapid7)
- Working knowledge of cloud security in AWS, Azure, or GCP hybrid environments
- Strong understanding of security frameworks: NIST CSF, CIS Controls, ISO 27001
- Proven ability to lead incident response engagements end-to-end
- Excellent written and verbal communication skills; ability to present to executive stakeholders
- CISSP, CISM, CISA, or equivalent industry certification, preferred
- Experience building or significantly maturing a security program
- Familiarity with GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust)
- Experience with PAM tooling (e.g., CyberArk, BeyondTrust)
- Background in a large enterprise environment (2,500+ employees)