Jobs · Management · Tennessee

Information Security Manager

Acumen Technology · Nashville, TN · 2 mo ago
HybridManagement$115k–$125k/yrFull-time

About the role

Acumen Technology is a security-first Managed Service Provider (MSP) founded in 2016, serving financial institutions, healthcare organizations, and other businesses that take IT and cybersecurity seriously. Our vCISO practice provides hands-on security leadership to organizations that need more than guidance—they need execution.

Responsibilities

  • Serve as the primary point of contact for clients preparing for FDIC, OCC, NCUA, and state banking regulator IT examinations, owning the preparation process from start to finish.
  • Organize and package audit requested items, complete pre-exam readiness checklists, and produce written summaries of control effectiveness that clients can hand directly to examiners.
  • Review third-party audit findings and examination results, then draft formal written responses, corrective action plans, and remediation timelines on the client's behalf.
  • Track open findings and recommendations to closure, producing status updates and evidence packages at each milestone.
  • Maintain current knowledge of FFIEC IT Examination Handbook updates and translate regulatory changes into specific, actionable steps for each client.
  • Document client check-ins using Microsoft Planner or a similar task management tool, ensuring all action items, deliverables, and blockers are clearly captured, assigned, and tracked through resolution.
  • Lead clients through SOC 2 readiness assessments including scoping, gap analysis, control testing, and evidence collection.
  • Build and maintain client control evidence libraries and audit packages, keeping documentation current between audit cycles.
  • Coverage of external auditor coordination and serving as the primary point of contact throughout the audit process.
  • Spend a morning walking a community bank through their pre-exam request list, then spend the afternoon drafting their written response findings.
  • Design and facilitate a tabletop exercise for a bank's leadership team simulating a ransomware event, then write up the after-action report and deliver it within the week.
  • Review vendor SOC 2 reports that came in for a client, assess the findings, and produce a risk summary the bank's risk committee can act on.
  • Re-write a client's outdated Acceptable Use Policy and Information Security Policy to align with current FFIEC guidance and have both ready for board approval.
  • Lead a SOC 2 readiness check-in with a professional services client, update their evidence tracker, and coordinate with their external auditor on outstanding items.

Requirements

  • 3+ years of information security experience with a strong emphasis on hands-on program execution — risk assessments, policy writing, audit preparation, and control documentation.
  • Direct experience completing SOC 2 readiness assessments and producing formal gap analysis and remediation documentation.
  • Demonstrated ability to author professional-grade security deliverables - policies, risk assessments, remediation plans, board summaries - independently and to a high standard.
  • Strong written communication skills; comfortable producing polished, client-facing documents without editorial support.
  • Pristine record of managing multiple client engagements simultaneously with discipline, reliability, and follow-through.
  • Active CISSP, CISM, CRISC, or equivalent certification.
  • Direct experience preparing financial institutions for FDIC, OCC, or NCUA IT examinations and responding to regulatory findings.
  • Familiarity with GRC platforms commonly used in financial services (e.g., Ncontracts, LogicManager, or similar).
  • Experience with Microsoft 365 security controls as deployed in community bank and small-to-mid-market business environments.
  • Background in an MSP, consulting firm, or multi-client security advisory practice.

What Success Looks Like

  • Own and deliver at least two client engagements end-to-end — from intake meeting to finished deliverable — with high client satisfaction.
  • Establish your working rhythm and task management system for managing a multi-client portfolio.
  • Carry a full client portfolio with strong retention and client satisfaction scores.
  • Guided at least one client through a table top exercise, 3rd party audit, a regulatory examination, or SOC 2 audit with documented, positive outcomes.
  • The person clients call not just for advice, but because they know something finished will come back to them.

Benefits

  • Annual salary between $115,000 - 125,000 depending on fit and experience.
  • 100% employer paid health insurance (medical and dental) and first $1,000 of qualified medical expenses covered.
  • Company Matching 401k.
  • Flexible hybrid schedule.
  • Fun working environment and culture with regular activities both for employees and their families.
  • Family vacation bonus at 5th year.

Similar jobs