Job Description:
The Information Security Manager (ISM) is a strategic, advisory-focused leader responsible for the security integrity of the organization's third-party ecosystem and internal business continuity. Operating with a "judgment-first" mindset, the ISM excels at influencing stakeholders and translating complex technical risks into clear business impact for executive leadership. This role is a critical partner in strategic sourcing, long-term risk mitigation, and providing specialized security guidance during occasional Mergers & Acquisitions (M&A) activities.
Core Responsibilities
Strategic Influence & Third-Party Risk
- Stakeholder Persuasion: Act as a primary advisor to business owners, using data-driven insights to influence vendor selection and security investment decisions.
- Security Consultation: Provide expert security judgment and technical evaluations for vendor partnerships. Lead security posture reviews and negotiate remediation action plans with external partners.
- Strategic Sourcing Support: Partner with Sourcing and Procurement teams to ensure vendor contracts include necessary security SLAs and align with corporate risk appetite.
- Solutions-Driven Mitigation: Design and evaluate compensating controls and alternative security strategies when standard requirements cannot be met, balancing risk with business velocity.
Business Continuity & Risk Management
- Resilience & Recovery: Align business units with global continuity frameworks (e.g., ISO 22301, NIST). Author and maintain Business Impact Analyses (BIAs) and recovery plans.
- Process Optimization: Drive continuous improvement of security and continuity workflows using Lean Six Sigma or similar process-design techniques.
- Incident Command: Lead the development of Incident Management teams; coordinate IT disaster recovery testing and scenario validation.
Project & Program Management
- Performance Tracking: Maintain high-visibility dashboards (Power BI, Tableau) to track security KPIs and project milestones.
- Ticketing & Workflow: Manage complex security task lifecycles within enterprise ticketing platforms (e.g., Jira, ServiceNow).
- Cross-Functional Leadership: Facilitate issue resolution using root-cause analysis (RCA) frameworks to resolve dependencies across IT and Business departments.
M&A Advisory
- Due Diligence Support: Provide security SME support for M&A activities as needed, performing risk assessments for potential acquisitions.
- Integration Planning: Assist in designing security integration roadmaps to ensure newly acquired entities meet corporate security standards.
Key Soft Skills & Leadership
- Executive Influence: Ability to perform "risk storytelling," translating technical vulnerabilities into business impact to secure buy-in from the C-suite and Board.
- Strategic Thinking: Connect InfoSec, Business Continuity, and Vendor Risk strategies to broader corporate objectives.
- Diplomacy & Negotiation: A proven track record of building consensus, securing resources, and navigating conflicting priorities between external vendors and internal executives.
- Change Management: Ability to influence organizational culture and drive the adoption of new security behaviors across diverse business units.
Job Qualifications:
Qualifications & Technical Requirements
- Experience: 7+ years in Information Security, Risk Management, or Business Continuity, preferably within a regulated financial environment.
- Technical Proficiency: Deep understanding of encryption standards, access controls, and data protection compliance.
- Framework Knowledge: Strong working knowledge of SOC 2, ISO 27001, and NIST CSF.
- Methodology: Familiarity with Lean Six Sigma, ITIL, or PMP frameworks.
- Certifications: CISSP, CISM, or CBCP (Business Continuity) are highly preferred.
- M&A Experience: Preferred.
Annual Pay Range: 134,400 - 170,000 USD
Application Window: This opportunity is expected to remain posted through the date identified below, subject to business needs.
2026-06-05
Thrive with Cotality
At Cotality, we offer more than just a job; we provide a benefits experience designed to support your whole self. From a flexible working model to competitive time off and standout health coverage with meaningful perks and growth opportunities, our package is built to help you thrive at work and in life.
Highlights, depending on role classification, include:
- Time off: Generous PTO and 11 paid holidays, plus well-being and volunteer time off.
- Family Support: Up to 16 weeks of fully paid parental leave and a baby stipend.
- Health: Multiple medical plan options with mental health and wellness support offerings.
- Retirement: 401(k) with company match and vesting after one year.
- Financial Perks: $400 annual well-being stipend and tuition assistance up to $5,250.
- Extras: Recognition Rewards, Referral bonuses, exclusive discounts and more!