Information Security Manager (Remote)

General Information

Location: Cary, NC, Remote

Organization: WCG

Job Type: Full Time - Regular

Benefits

• Comprehensive Benefits package - Health, Dental, Vision, Life Disability, 401k with match, and flexible spending accounts
• Employee Assistance Programs and additional work/life resources
• Referral Bonuses and Tuition Reimbursement
• Flexible PTO
• Volunteer Time Off to benefit the community
• Opportunities for career development with on-the-job training, certification assistance and continuing education reimbursement

Salary Range: $82,080 to $127,500.

Job Summary

The Cybersecurity Manager is a key member of the Information Security team, directly supporting the Chief Information Security Officer (CISO) in the design, implementation, and ongoing operation of the organization's security program. This role holds primary accountability for maintaining compliance with SOC 2 and ISO 27001 frameworks, facilitating governance committee activities, and acting as a liaison between the security program, internal project teams, and external customers. The Security Manager combines technical knowledge with strong organizational and communication skills to protect the organization's information assets while enabling business objectives.

Responsibilities

Framework Compliance – SOC 2 & ISO 27001

• Own and manage the organization's SOC 2 (Type I & II) and ISO 27001 compliance programs end‑to‑end, including control design, evidence collection, gap assessments, and remediation tracking.
• Serve as the primary point of contact with external auditors and certification bodies; coordinate audit readiness activities and ensure timely responses to audit requests.
• Maintain and continuously improve the Information Security Management System (ISMS) in alignment with ISO 27001 requirements.
• Monitor the regulatory and standards landscape for updates to SOC 2 Trust Services Criteria and ISO 27001:2022 and translate changes into actionable program updates.
• Develop, review, and maintain information security policies, standards, and procedures that satisfy framework requirements.
• Track and report on control effectiveness metrics, audit findings, and remediation status to the CISO and senior leadership.

Governance & Committee Management

• Plan, schedule, and facilitate Information Security Committee meetings, including agenda preparation, material distribution, minute‑taking, and action item tracking.
• Coordinate cross‑functional participation in governance bodies (e.g., Risk Committee, Change Advisory Board) and ensure security representation and follow‑through.
• Prepare governance dashboards, risk registers, and Key Risk Indicator (KRI) / Key Performance Indicator (KPI) reports for committee review.
• Drive accountability across business units by tracking and escalating open security action items through appropriate governance channels.

Security Program Management

• Support the CISO in the development, execution, and reporting of the annual information security roadmap and strategic plan.
• Maintain the security program portfolio, including project status, milestones, dependencies, risks, and resource utilization.
• Contribute to security initiatives such as vulnerability management, third‑party risk management, security awareness training, and incident response planning.
• Develop and maintain a security metrics program that provides visibility into the health and maturity of the information security function.
• Support budget planning and vendor management activities relevant to security tools, assessments, and services.
• Identify and evaluate unsanctioned or emerging AI tool use across the organization (shadow AI), and support processes to assess and approve AI applications in alignment with security and privacy requirements.
• Track developments in the AI risk and regulatory landscape and surface implications for the security program to the CISO.

Collaboration with Internal Stakeholders

• Act as the embedded security resource and advisor for internal project teams throughout the project lifecycle, from initiation through closure.
• Conduct security reviews and risk assessments for new projects, system changes, and technology implementations; provide documented risk guidance and approval recommendations to project managers.
• Ensure security requirements are captured and tracked in project plans, and that security sign‑off is obtained prior to production releases.
• Participate in project steering committees and sprint reviews to surface and address security risks promptly.
• Serve as a liaison and coordination point between CISO’s office and internal security disciplines, ensuring alignment on priorities and program goals.
• Partner with Security Architecture to incorporate security requirements into new designs and technology decisions.
• Work closely with Risk and Compliance to align risk assessment activities with enterprise risk management.
• Coordinate with Cybersecurity Operations on threat monitoring, incident escalation procedures, and operational security metrics.
• Collaborate with Security Architecture and Cybersecurity Operations to assess AI‑specific threat vectors.
• Collaborate with Legal, HR, IT, Product, and Finance to embed security requirements into business processes, contracts, and change activities.
• Act as an extension of the CISO within cross‑functional forums, representing the security organization’s priorities.

Customer & External Stakeholder Engagement

• Respond to customer security questionnaires, due diligence requests, and RFP security sections professionally and promptly.
• Serve as a subject‑matter expert during customer security reviews, audits, and contract negotiations.
• Maintain and continuously improve a customer‑facing security trust package.
• Build and nurture positive relationships with customer security teams.
• Incorporate AI‑related security considerations into customer due diligence responses and vendor assessments.

CISO Support & Additional Responsibilities

• Provide direct coordination and strategic support to the CISO, including preparing briefings, board presentations, and executive reports.
• Monitor threat intelligence and summarize relevant developments for CISO review.
• Oversee and coordinate the security awareness and training program.
• Support development and testing of Incident Response and Business Continuity plans.
• Collaborate in third‑party and vendor risk assessments.
• Stay current on emerging security trends, regulations, and best practices.
• Coordinate with Legal and Privacy teams on AI adoption data‑protection implications.
• Other duties as assigned by supervisor.

Education Requirements

• Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field required.
• Master's degree or equivalent advanced education in a relevant discipline is a plus.

Certifications

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• ISO 27001 Lead Implementer or Lead Auditor
• SOC 2 / AICPA CISA or equivalent audit‑related credential
• CRISC or other relevant certifications

Qualifications / Experience

• 5+ years of progressive experience in information security, risk management, or IT compliance.
• Hands‑on experience managing SOC 2 audits and ISO 27001 certifications.
• Strong working knowledge of SOC 2 Trust Services Criteria and ISO 27001:2022 control frameworks.
• Familiarity with additional frameworks such as NIST CSF, HIPAA, GDPR, SOX, PCI DSS, and FedRAMP.
• Experience with GRC platforms such as Vanta, Drata, OneTrust, ServiceNow GRC, or similar.
• Proficiency in risk assessment methodologies and security documentation practices.
• Knowledge of cloud security concepts (AWS, Azure, GCP) and common enterprise security technologies.
• Awareness of AI‑specific security risks and familiarity with NIST AI Risk Management Framework (AI RMF 1.0) or ISO/IEC 42001.
• Experience supporting or working directly with a CISO or senior security executive in a program management capacity.
• Track record of engaging with external customers on security topics.
• Experience facilitating cross‑functional governance meetings.
• Exposure to AI risk management concepts.
• Exceptional written and verbal communication skills.
• Strong organizational and project management skills.
• Collaborative, relationship‑oriented approach with influence at all levels.

Travel Requirements

5% - 10%

Physical and Sensory Requirements

The physical and sensory requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be offered to individuals with disabilities to assist in performing the essential functions of the position. Work activities involve light to moderate physical effort (for example, sitting in one place for extended periods of time, standing, walking, bending, lifting lightweight objects, intermittent to sustained periods of keyboarding). Majority of time is spent in a seated position with frequent opportunity to move about at will. Activities require a variety of easy muscle movements. Work activities involve a frequent need to concentrate on a variety of sensory inputs for moderate to lengthy durations at a time requiring diligence and attention to interpret effectively. There will be a need to attend to single or simultaneous tasks where accuracy of details is important. The need to detail and precise work is high.

Equal Employment Opportunity Statement

WCG is proud to be an equal opportunity employer – Qualified applicants will receive consideration for employment based on merit and without regard to race, color, national origin or ancestry, religion or creed, sex, sexual orientation, gender expression, gender identity, age, marital status, family or parental status, disability, genetic information, citizenship, veteran status, or any other legally recognized basis or status protected by federal, state, or local law. WCG complies with the Vietnam Era Veterans' Readjustment Act and Section 503 of the Rehabilitation Act. We promote a "One WCG" culture where all are welcome, respected, valued, and empowered to make a difference every day to advance clinical research.