Senior Manager, IT Security - Hybrid (Atlanta, GA.)
Headquarters, United States
OneDigital
Access insurance, financial services, employee benefits, and PEO solutions on one platform through local advisors.
No other company in our industry is supercharging the way they work and serve their clients like OneDigital. Fresh thinking has always been the core of OneDigital’s vision and growth strategy. It’s how we stand out in our industry, it’s how we stay competitive and resilient in a changing world. Most importantly, our innovative approach is helping more people do their best work and live their best lives. Innovation fuels our employee experience by making it easier to do your best work anytime, anywhere and from any device. And our tech-based products for clients are a game changer in our industry. If you thrive on change and innovation, OneDigital is the career choice for you.
Our Newest Opportunity:
Job Overview
The Senior Manager, IT Security is responsible for developing, implementing, and managing all policies, processes, controls, and standards related to the security environment for the organization, including all offices. Reporting to the Director of IT Security, this position ensures that all IT systems, applications, and services are secured and implemented with the best security practices. The Senior Manager, IT Security is accountable for the management and control of logical access controls and sensitive access standards for all organizational applications. This role involves planning, building, delivering, and supporting the Identity and Access Management (IAM) program and providing direction and guidance on security architecture and strategy.
Key Responsibilities
Develop and Lead Security Programs: Drive the development of comprehensive security programs that meet organizational standards and local business requirements.
Application Security Management: Manage the application security program, define standards, policies, and procedures, and coordinate with IT teams and business stakeholders to implement and maintain secure applications.
IAM Strategy and Implementation: Facilitate the use of technology-based tools or methodologies to design and implement products and services that provide a robust IAM program balancing access with compliance and confidentiality.
Security Controls and Audits: Develop processes to monitor the effectiveness of security control operations, including collecting and reviewing evidence, conducting periodic audits, and communicating results to IT Management.
Risk Management: Identify and evaluate complex business and technology risks, internal controls that mitigate risks, and opportunities for internal control improvement.
Business Alignment: Envision business outcomes and facilitate alignment with security strategies and processes across the organization.
Liaison for Compliance: Serve as the liaison for Internal Audit, Legal, and Compliance teams to remediate security access and other IT audit issues.
Documentation and Policies: Develop and maintain documentation of security controls, policies, and procedures.
Technical Consultation: Provide in-depth technical consultation to business units and IT management, assisting in developing plans and direction for integrating information security requirements.
Incident Response: Lead the response to security incidents, including investigation, mitigation, and reporting.
Security Awareness and Training: Develop and deliver security awareness and training programs to educate employees on security best practices and policies.
Vendor Management: Manage relationships with outsourced organizations and third-party vendors to ensure security standards are maintained.
Qualifications
Education: Bachelor's degree in computer science, information systems, engineering, or a related field.
10+ years of demonstrated success in developing, implementing, and executing security programs.
7+ years of hands-on experience with IT security audits and/or compliance, with familiarity with SOC or SOX requirements preferred.
Technical Skills:
Extensive hands-on knowledge of identity and access management best practices, procedures, and software solutions such as CyberArk, Okta, etc.
Experience with security technologies such as single sign-on (SSO), two-factor authentication, privileged access management, etc.
Proficiency with Windows, Linux/Unix, scripting (Bash, PowerShell, or Perl), LDAP, SQL, and web services.
Experience with application security assessment tools such as WhiteHat, AppScan, WebInspect, Fortify, Veracode, Paros Proxy, Varonis, etc.
Experience with SSO and PKI Certificate Authority is preferred.
Strong planning, organization, communication, presentation, multitasking, prioritization, and business analysis skills.
Ability to work in a demanding and high-pressure environment.
Strategic thinking and the ability to incorporate business needs into technical roadmaps.
Certifications: Desired but not required - Certification in Information Assurance Management, Certified Information Systems Security Professional (CISSP), and/or Certified Information Security Manager (CISM).
Additional Information
The statements above are intended to describe the general nature and level of work performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all duties, responsibilities, and skills required for this position.
Your base pay is dependent upon your skills, education, qualifications, professional experience, and location. In addition to base pay, some roles are eligible for variable compensation, commission, and/or annual bonus based on your individual performance and/or the company’s performance. We also offer eligible employees health, wellbeing, retirement, and other financial benefits, paid time off, overtime pay for non-exempt employees, and robust learning and development programs. You will receive reimbursement of job-related expenses per the company policy and may receive employee perks and discounts.
To learn more, visit: www.onedigital.com/careers
OneDigital is an equal opportunity employer. Not only as a matter of standard, but to honor and celebrate our differences. We believe that the power of ONE starts with you. We are committed to cultivating and preserving a culture that celebrates diversity, insists on equity and inclusion, and connects us. Ensuring our people feel seen, valued, respected, and supported is fundamental to our core values and business goals.
OneDigital provides equal employment opportunities to all employees and applicants for employment regardless of their: veteran status, uniformed servicemember status, race, color, religion, sex, sexual orientation, gender identity, age (40 and over), pregnancy (including childbirth, lactation and related medical conditions), national origin or ancestry, citizenship or immigration status, physical or mental disability, genetic information (including testing and characteristics) or any other category protected by federal, state or local law (collectively, “protected characteristics”). A copy of the Federal EEO poster is linked here.
Pursuant to local Fair Chance Ordinances, we will consider qualified applications with arrest or conviction records for employment. For applicable candidates, the following ordinances are linked here to inform you of your rights as an applicant:
City and County of San Francisco
Employment decisions shall comply with all other applicable federal, state and city/county laws prohibiting discrimination in employment. OneDigital complies with all criminal history inquiry [or ‘ban the box’] laws in California, Connecticut, Colorado, Hawaii, Illinois, Maine, Maryland, Massachusetts, Minnesota, New Jersey, New Mexico, Oregon, Rhode Island, Vermont and Washington.
In short, we believe in hiring the most qualified applicant for the position, regardless of background.
If you have questions about our hiring policies and practices, we would be happy to discuss upon receiving your application. We hope to welcome you to OneDigital and look forward to hearing from you.
Thank you for your interest in joining the OneDigital team!
Tags: Application security Audits Bash CISM CISSP Compliance Computer Science Cyberark IAM Incident response LDAP Linux Okta Perl PKI PowerShell Risk management Scripting Security assessment SOC SOX SQL SSO Strategy UNIX Vendor management Veracode Windows
Perks/benefits: Career development Competitive pay Equity / stock options Health care Salary bonus Signing bonus Startup environment