Cybersecurity Manager

Job Title: Cybersecurity Manager


Duration: Contract (Long - Term)


Location: Garden City, NY, San Ramon, CA, San Jose, CA, San Francisco, CA, Los Angeles, CA, Dallas, TX, Portland, OR, Chicago, IL, Philadelphia, PA, St. Louis, MO, Atlanta, GA, Duluth, GA, Denver, CO


Top 3 Skills

• Planning and strategy execution
• Azure
• Financial compliance

Role summary


Leadership role responsible for cybersecurity program execution, compliance operations (ISO 27001, SOC 2), and risk management within Core Technology. This role will expand Client cybersecurity capabilities from primarily compliance-focused to strategically-driven security engineering with a clear, measurable roadmap.


Mission


Protect business operations and client data through measurable risk reduction, audit-ready compliance execution, and security controls that enable business velocity without unacceptable risk. Establish 's first comprehensive cybersecurity roadmap with prioritized initiatives, clear ownership, and transparent progress tracking.


Core outcomes

• Multi-year cybersecurity roadmap with prioritized, funded initiatives
• Strategic expansion of cybersecurity engineering capabilities
• Measurable cybersecurity risk reduction across the firm
• Audit-ready compliance (ISO 27001, SOC 2) with clean audits
• Fast, effective M&A security due diligence
• Predictable operations with intake tracking and decision documentation
• Risk posture visibility for leadership decision-making
• High-performing cybersecurity and compliance team

Key responsibilities


Strategic planning and roadmap development
• Build and maintain multi-year cybersecurity roadmap aligned to business objectives
• Conduct annual risk assessments and prioritize top risks with clear mitigation plans
• Define security architecture vision and incremental implementation phases
• Establish measurable security metrics and KPIs with executive dashboards
• Present strategic security initiatives to leadership with business cases and ROI
• Balance long-term strategic initiatives with tactical operational demands
• Drive annual security budget planning with justified resource requirements


Cybersecurity function expansion
• Transition team from compliance-focused to balanced security engineering + compliance model
• Identify capability gaps and build hiring plan for cybersecurity engineers
• Implement security operations center (SOC) capabilities or managed service partnerships
• Establish threat intelligence program with proactive threat hunting
• Expand from reactive security to proactive security posture management
• Define clear escalation paths and on-call rotation for security incidents
• Mature incident response from ad-hoc to structured playbook-driven approach


Cybersecurity program leadership
• Lead cybersecurity strategy with prioritized, measurable risk reduction initiatives
• Implement security engineering standards and control frameworks
• Drive incident response readiness and rapid threat containment
• Partner with infrastructure, networking, and DevOps on security architecture
• Provide practical security guidance that enables business outcomes
• Drive cloud security strategy across Azure, AWS, and SaaS applications
• Address AI/ML security risks as firm expands AI capabilities


Compliance execution
• Own ISO 27001 and SOC 2 compliance programs and audit execution
• Maintain audit-ready evidence and compliance documentation
• Manage security questionnaires and assessments for clients
• Coordinate penetration testing and vulnerability remediation
• Ensure compliance with regulations (GDPR, HIPAA, state privacy laws)


M&A security due diligence
• Assess cybersecurity and compliance posture of acquisition targets
• Identify security risks and integration requirements
• Provide clear risk recommendations to deal teams
• Support secure integration of acquired firms
• Balance security rigor with M&A timeline constraints


Operations and governance
• Run predictable intake, prioritization, and execution model
• Implement escalation paths with clear on-call coverage
• Track decisions, actions, and risk acceptance through governance
• Provide regular security and compliance reporting to leadership
• Drive continuous improvement through metrics and post-incident reviews
• Ensure all security meetings produce documented decisions or actions


Team leadership
• Build and develop cybersecurity and GRC analyst capabilities
• Recruit and onboard cybersecurity engineers to expand technical depth
• Provide clear ownership and accountability for team deliverables
• Create career development paths for security professionals
• Foster collaboration across IT and business stakeholders
• Model extreme ownership and solution-oriented leadership


Required experience
• 7+ years cybersecurity or GRC experience
• 5+ years leading security or compliance teams
• Proven track record building cybersecurity roadmaps and strategic plans
• Experience expanding security teams and capabilities
• Audit program management (ISO 27001, SOC 2, or equivalent)
• Security engineering and architecture experience
• M&A security due diligence experience


Required technical knowledge
• Security frameworks (NIST, ISO 27001, SOC 2, CIS Controls)
• Security tools (SIEM, EDR, DLP, vulnerability management, GRC platforms)
• Cloud security (Azure, AWS, or GCP)
• Identity and access management
• Incident response and threat analysis
• Security compliance and audit processes
• Risk assessment and management methodologies
• Cybersecurity maturity models and capability assessment
• Security metrics, KPIs, and executive reporting.


Required leadership capabilities
• Strategic thinking with ability to translate business objectives into security roadmaps
• Program management of multi-year, multi-initiative security programs
• Building and developing high-performing teams
• Clear communication of security risks to executives and non-technical audiences
• Stakeholder management across IT, legal, HR, and business units
• Decision-making under uncertainty with clear risk tradeoffs
• Ownership mentality with accountability for results
• Ability to articulate "why" behind security decisions and provide clear recommendations


Preferred
• Accounting or financial services industry knowledge
• Microsoft security stack expertise (Defender, Sentinel, Purview, Entra ID)
• GRC platform experience (Vanta, OneTrust, ServiceNow GRC)
• Penetration testing or offensive security background
• Zero Trust architecture implementation experience
• AI/ML security and responsible AI framework knowledge
• Certifications: CISSP, CISM, CISA, ISO 27001 Lead Auditor, Azure Security Engineer