Senior Manager, Information Security

Wayne, PA, US

Affiliated Independent Distributors, Inc.


Description

Position Summary:

The Senior Manager, Information Security leads the design, implementation, and oversight of enterprise-wide information security programs, ensuring the confidentiality, integrity, and availability of company systems and data. This role is responsible for risk management, regulatory compliance, vendor security, incident response, and security awareness initiatives. The position requires deep technical knowledge of security practices, cloud environments, and regulatory frameworks, combined with strong leadership, communication, and collaboration skills to work cross-functionally across the organization and with external partners.


Primary Responsibilities


Planning and Processes:

  • Research and stay informed of potential information security threats, industry trends, emerging technologies, and response alternatives.
  • Identify, assess, and deploy security technology solutions and partners.
  • Conduct regular assessments of the IT security environment to identify cybersecurity gaps and evaluate potential risk exposure.
  • Lead the development, implementation, and monitoring of IT security policies, standards, procedures, and guidelines.
  • Collaborate on technology projects to ensure security issues are addressed throughout the project life cycle.
  • Provide oversight for cloud security architecture, including identity and access management (IAM), data protection, encryption, and security configuration for SaaS, IaaS, and PaaS environments.
  • Evaluate and monitor third-party vendor security practices through regular assessments, risk evaluations, and contract reviews to ensure compliance with company standards and regulatory requirements.
  • Collaborate on disaster recovery, business continuity planning, and incident response processes.


Operational:

  • Lead the enterprise-wide security incident response program, coordinating containment, investigation, root cause analysis, lessons learned, and post-incident reporting.
  • Ensure that network devices and PCs are maintained via upgrades, patches, and updates with appropriate security controls.
  • Maintain, manage, and monitor compliance with security control frameworks such as the NIST Cybersecurity Framework (NIST CSF) and the Payment Card Industry Data Security Standard (PCI DSS).
  • Serve as a technical subject matter resource on security-related projects.
  • Ensure data integrity, confidentiality, and protection of company systems.
  • Lead contracted security assessments and drive remediation in partnership with business and IT teams.
  • Work with auditors to demonstrate processes and ensure appropriate levels of access throughout the information lifecycle.
  • Design, deliver, and continuously improve security training programs, phishing simulations, and awareness campaigns.
  • Lead compliance efforts with regulatory frameworks including CCPA, PCI DSS, and applicable privacy/security laws.
  • 24x7 on-call availability in the event of an emergency.

Requirements

Knowledge, Skills and Abilities:

  • Knowledge of trends and developments in technology relating to security and risk management.
  • Strong understanding of information security controls, risks, and threats.
  • Knowledge of enterprise security technologies such as VPN, encryption, firewalls, intrusion detection/prevention, and anti-virus (CrowdStrike experience preferred).
  • In-depth understanding of cloud security principles and architectures (AWS, Azure, GCP), workload protection, identity governance, and secure configuration management.
  • Knowledge of information security standards, data privacy laws, and federal data protection regulations.
  • Experience with security audits, customer security questionnaires, and regulatory assessments.
  • Ability to analyze, prioritize, and mitigate security risks across technology and business processes, including vendor risk and supply chain risk.
  • Excellent communication skills; ability to convey technical concepts to non-technical audiences.
  • High integrity and professionalism.
  • Ability to manage multiple priorities and meet deadlines.


Qualifications:

  • Bachelor’s degree in information technology, cybersecurity, or a related field.
  • Minimum 5-7 years of progressive experience in information security, with at least 2 years in a leadership or management role.
  • Security certifications such as Security+, CISSP, CISM, GIAC, or cloud security certifications (e.g., CCSP, AWS Security) strongly preferred.
  • Prior experience with a business or financial services firm is preferred.


Additional Comments:

  • Hours: 8:00 a.m. – 5:00 p.m.; some overtime may be required.
  • Location: This position is based out of our corporate office in Wayne, PA, with a hybrid work schedule requiring three days in the office per week.
  • Travel: Occasional local travel and infrequent air travel.

  

AD is proud to be an equal employment opportunity employer. Qualified candidates are considered for employment without regard to race, religion, gender, gender identity, sexual orientation, national origin, age, military or veteran status, disability, or any other characteristic protected by applicable law. At AD, we support a collaborative and inclusive environment. We value open participation from individuals with different ideas, experiences, and perspectives which we believe make AD a better place to work.

Category: Leadership Jobs

Tags: Audits AWS Azure CCPA CCSP CISM CISSP Cloud Compliance CrowdStrike Encryption Firewalls GCP GIAC Governance IaaS IAM Incident response Intrusion detection Monitoring NIST PaaS PCI DSS Privacy Risk management SaaS Security assessment VPN

Region: North America
Country: United States
