Senior Manager, Information Security

At Curriculum Associates, we believe in the potential of every child and are changing the face of education technology with award-winning learning programs like i-Ready that serve a third of the nation’s K–8 students. For more than 50 years, our commitment to making classrooms better places, serving educators, and supporting accessible learning experiences for all students has driven the continuous improvement of our innovative programs. Our team of more than 2,500 employees is composed of lifelong learners who stand behind this mission, working tirelessly to serve the educational community with world-class programs and support every day.

Essential duties/responsibilities:  

• Align security practices of semi-autonomous group within the company, including areas such as internal IT controls, SaaS operations, and development processes.

• You’ll advance our capabilities in data security, application security, and cloud architecture security for our SaaS offerings

• Identify and manage risk within the scope of a semi-autonomous group within the company
• Manage security vendor relationships
• Evaluate and recommend new security tools and vendors

• Contribute to the creation and maintenance of company-wide security and privacy policies and practices.

• Lead various compliance and governance initiative related to semi-autonomous group within the company
• Execute the company’s Security Incident Response Plan in various roles, including incident manager. 
• Respond to and interact with customers regarding inquiries about the company’s security practices.
• Deliver security awareness training for employees

Required Job Skills and Abilities:  

• Strong leadership abilities 

• The ability to effectively present security concepts to technical and non-technical staff 

• Experience with SAST/DAST/SCA tools, OWASP frameworks and threat modeling. 

• The ability to effectively work with software engineering teams to provide security input. 

• Experience using AWS security tools, models and monitoring. 

• Experience in leading incident response and securing corporate IT. 

• Automation of Security Operations Center tasks and SIEM monitoring. 

• Experience with SOC 2 audits and/or ISO-27001 standards. 

• Experience with security and phishing training for employees. 

Required Education and Experience:  

• A combination of education and experience amounting to 10 years in cybersecurity, IT, or other related engineering field. 

• Two years of people management experience 

Travel: Less than twice per month to Company offices only.