Job Summary
The Manager, Information Security is responsible for managing the day-to-day operations of the Information Security function, supporting the implementation of cybersecurity programs, maintaining security controls, and ensuring compliance with applicable regulatory and company security requirements. This role partners closely with Information Technology, Engineering, and Operations to protect corporate and operational technology environments while supporting the organization's overall cybersecurity strategy.
Experience
• 5+ years of experience in Information Security, Infrastructure Services, OT Security, or related fields.
• 2+ years leading technical teams.
• Experience implementing cybersecurity policies, procedures, and controls.
• Experience supporting regulatory compliance programs, preferably NERC CIP.
• Experience conducting security and risk assessments.
• Experience with incident response, threat monitoring, IAM, and vulnerability management.
Education and Certifications
• Bachelor's degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related discipline.
• Relevant certifications preferred (CISSP, CISM, GIAC, Security+, PMP).
• Advanced degree preferred but not required.
Technical Qualifications
• Experience managing cybersecurity vendors and security technologies.
• Experience implementing and administering information security policies, technologies, controls, and management processes.
• Knowledge of NERC CIP standards and data privacy requirements.
• Experience with ITIL processes.
• Strong analytical, problem-solving, and project management skills.
• Experience with SIEM, endpoint security, vulnerability management, and identity governance platforms.
• Knowledge of NIST CSF, CIS Controls, and ISO 27001 preferred.
Essential Functions & Responsibilities
• Manage the day-to-day activities of the Information Security team, providing coaching, guidance, and performance management.
• Build, develop, and retain a high-performing information security organization.
• Establish clear performance expectations, career-development plans, and succession strategies.
• Foster a culture of accountability, continuous improvement, and cybersecurity awareness.
• Promote business partnership and consultative engagement across the enterprise.
• Support the execution of cybersecurity programs and initiatives that align with business objectives and regulatory requirements.
• Manage security operations across corporate, cloud, and operational technology (OT) environments, including monitoring, incident response, identity and access management, and vulnerability management.
• Implement and maintain security controls, standards, and procedures to protect company information systems and assets.
• Coordinate cybersecurity activities supporting NERC CIP compliance, regulatory audits, and security assessments.
• Conduct security risk assessments, identify vulnerabilities, and partner with stakeholders to implement remediation plans.
• Support security architecture reviews, technology implementations, and system changes to ensure compliance with established security standards.
• Partner with IT, Engineering, Operations, and business teams to address cybersecurity risks and support secure business operations.
• Review and approve security requirements for infrastructure, cloud, application, and enterprise architecture initiatives.
• Provide cybersecurity oversight for major technology projects and system changes.
• Evaluate security technologies and recommend investments supporting risk reduction.
• Lead the implementation and lifecycle management of enterprise security tools.
• Manage cybersecurity vendors and technologies to ensure effective service delivery and continuous improvement of security operations.
• Prepare operational security metrics, reports, and documentation to support leadership decision-making.
• Promote cybersecurity awareness by supporting employee training and security awareness initiatives.
• Maintain knowledge of emerging cybersecurity threats, technologies, and industry best practices to support continuous improvement.
• Partner with Legal, HR, Compliance, and IT leadership on cybersecurity investigations and evidence preservation activities.
• Coordinate litigation hold requirements involving cybersecurity incidents, employee investigations, electronic discovery, and regulatory inquiries.
• Support forensic collection, chain-of-custody processes, and evidence management activities.
• Ensure appropriate preservation and protection of security-related records and audit evidence.
• Promote a culture of cybersecurity awareness, accountability, and continuous improvement.
Work Environment
• Excellent communication and presentation skills.
• Strong analytical and problem-solving abilities.
• Experience managing distributed teams and collaborating with global stakeholders.
Office Physical Requirements:
All positions in our office require interaction with people and technology while either standing or sitting. In order to best serve our customers, internal and external, all associates must be able to communicate face-to-face and on the phone with or without reasonable accommodation. NovaSource is committed to compliance with its obligations under all applicable state and federal laws prohibiting employment discrimination. In keeping with this commitment, it attempts to reasonably accommodate applicants and employees in accordance with the requirements of the disability discrimination laws. It also invites individuals with disabilities to participate in a good faith, interactive process to identify reasonable accommodations that can be made without imposing an undue hardship.
Potential candidates will meet the education and experience requirements provided on the above job description and excel in completing the listed responsibilities for this role.