Information Security Manager
Newton, New Jersey, United States
Thorlabs is pleased to play a role in advancing science through the components, instruments, and systems we design and manufacture. We believe that science and innovation have great potential to improve the world around us and are committed to advancing photonics (i.e., light-based) technologies that positively impact our customers, employees, and communities. Via educational outreach and more sustainable business practices, we continuously invest in a brighter future. We recognize that each of our employees is a unique individual with the ability to contribute to our success and seek to find great people who will thrive in our fun, fast-paced culture.
The Information Security Manager (ISM) is responsible for developing, managing, and executing the organization’s Governance, Risk, and Compliance (GRC) initiatives. This role focuses on aligning the organization with regulatory compliance frameworks such as PCI-DSS, CMMC 2.0, and ISO27001. The ISM drives security best practices, mitigates risks, and ensures adherence to critical industry standards.
Although the position is located in Newton, NJ, the employee may from time to time be required to undertake duties at other Thorlabs locations.
Essential Job Functions include the following, but are not limited to:
Governance and Policy Management
- Develop, review, and update information security policies, standards, and procedures in line with best practices and regulatory requirements.
- Ensure compliance with laws, regulations, and standards, including PCI-DSS and CMMC certification.
- Communicate effectively with stakeholders to address compliance challenges and ensure transparency.
Risk Management
- Define Key Risk Indicators (KRIs) and produce metrics to assess the organization’s security posture.
- Conduct risk assessments, identify vulnerabilities, and prioritize risk mitigation strategies.
- Collaborate with IT and business units to integrate risk management practices into daily operations.
Compliance Leadership
- Lead and maintain compliance efforts for PCI-DSS, CMMC, and other regulatory frameworks.
- Serve as a Subject Matter Expert (SME) for PCI-DSS and CMMC, supporting teams in meeting compliance requirements.
- Manage relationships with external auditors and oversee certification audits.
Incident Management and Response
- Support incident response efforts by ensuring proper governance, documentation, and adherence to compliance requirements.
- Provide guidance on compliance and governance implications of security incidents and remediation efforts.
Audit and Reporting
- Coordinate and lead internal audits and manage external audits related to security and compliance programs.
- Prepare reports and dashboards for executive management, highlighting key metrics on governance, risk, and compliance activities.
- Organize and provide evidence for third-party audits while ensuring successful responses.
The Company retains the right to change or assign other duties to this position.
Physical Activities:
This is largely a sedentary role; however, it may require the ability to lift, bend or stand as necessary. The employee may occasionally lift or move objects up to 25 pounds.
Requirements
Experience:
- 10+ years of professional experience, including 5+ years in information security with a focus on GRC.
- Proven experience with regulatory frameworks (e.g., ISO27001, NIST, CMMC, PCI-DSS, GDPR).
- Familiarity with GRC tools (e.g., RSA Archer, ServiceNow GRC).
- Experience in cloud security governance for providers like Azure or AWS.
- Project management experience, particularly in compliance and audit initiatives.
Education:
- Bachelor's Degree in Information Security, Computer Science, IT, Business Administration, or a related field (or equivalent experience).
Specialized Knowledge and Skills:
- Strong knowledge of risk management methodologies, security frameworks (e.g., NIST 800-53, ISO 27001), and controls.
- Hands-on experience with vulnerability management tools (e.g., Qualys, Nessus, Rapid7) and attack surface management solutions is a big plus.
- Exceptional communication skills to collaborate effectively with diverse teams and explain complex concepts to non-technical stakeholders.
- Expertise in managing internal and external audits for security certifications, including PCI-DSS and CMMC readiness.
Other:
- Compliance with International Traffic in Arms Regulations (ITAR).
Thorlabs values its diverse environment and is proud to be an Equal Employment Opportunity/Affirmative Action Employer. All qualified individuals will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. Job descriptions are not intended as and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.
Benefits
Thorlabs offers a complete benefits package that includes medical, dental and vision insurance, company-paid life insurance, a generous PTO package, a 401(k) plan, and tuition reimbursement, just to name a few.