Information Security Manager
Acumen Technology · Nashville, TN · 2 mo ago
HybridManagement$115k–$125k/yrFull-time
About the role
Acumen Technology is a security-first Managed Service Provider (MSP) founded in 2016, serving financial institutions, healthcare organizations, and other businesses that take IT and cybersecurity seriously. Our vCISO practice provides hands-on security leadership to organizations that need more than guidance—they need execution.
Responsibilities
- Serve as the primary point of contact for clients preparing for FDIC, OCC, NCUA, and state banking regulator IT examinations, owning the preparation process from start to finish.
- Organize and package audit requested items, complete pre-exam readiness checklists, and produce written summaries of control effectiveness that clients can hand directly to examiners.
- Review third-party audit findings and examination results, then draft formal written responses, corrective action plans, and remediation timelines on the client's behalf.
- Track open findings and recommendations to closure, producing status updates and evidence packages at each milestone.
- Maintain current knowledge of FFIEC IT Examination Handbook updates and translate regulatory changes into specific, actionable steps for each client.
- Document client check-ins using Microsoft Planner or a similar task management tool, ensuring all action items, deliverables, and blockers are clearly captured, assigned, and tracked through resolution.
- Lead clients through SOC 2 readiness assessments including scoping, gap analysis, control testing, and evidence collection.
- Build and maintain client control evidence libraries and audit packages, keeping documentation current between audit cycles.
- Coverage of external auditor coordination and serving as the primary point of contact throughout the audit process.
- Spend a morning walking a community bank through their pre-exam request list, then spend the afternoon drafting their written response findings.
- Design and facilitate a tabletop exercise for a bank's leadership team simulating a ransomware event, then write up the after-action report and deliver it within the week.
- Review vendor SOC 2 reports that came in for a client, assess the findings, and produce a risk summary the bank's risk committee can act on.
- Re-write a client's outdated Acceptable Use Policy and Information Security Policy to align with current FFIEC guidance and have both ready for board approval.
- Lead a SOC 2 readiness check-in with a professional services client, update their evidence tracker, and coordinate with their external auditor on outstanding items.
Requirements
- 3+ years of information security experience with a strong emphasis on hands-on program execution — risk assessments, policy writing, audit preparation, and control documentation.
- Direct experience completing SOC 2 readiness assessments and producing formal gap analysis and remediation documentation.
- Demonstrated ability to author professional-grade security deliverables - policies, risk assessments, remediation plans, board summaries - independently and to a high standard.
- Strong written communication skills; comfortable producing polished, client-facing documents without editorial support.
- Pristine record of managing multiple client engagements simultaneously with discipline, reliability, and follow-through.
- Active CISSP, CISM, CRISC, or equivalent certification.
- Direct experience preparing financial institutions for FDIC, OCC, or NCUA IT examinations and responding to regulatory findings.
- Familiarity with GRC platforms commonly used in financial services (e.g., Ncontracts, LogicManager, or similar).
- Experience with Microsoft 365 security controls as deployed in community bank and small-to-mid-market business environments.
- Background in an MSP, consulting firm, or multi-client security advisory practice.
What Success Looks Like
- Own and deliver at least two client engagements end-to-end — from intake meeting to finished deliverable — with high client satisfaction.
- Establish your working rhythm and task management system for managing a multi-client portfolio.
- Carry a full client portfolio with strong retention and client satisfaction scores.
- Guided at least one client through a table top exercise, 3rd party audit, a regulatory examination, or SOC 2 audit with documented, positive outcomes.
- The person clients call not just for advice, but because they know something finished will come back to them.
Benefits
- Annual salary between $115,000 - 125,000 depending on fit and experience.
- 100% employer paid health insurance (medical and dental) and first $1,000 of qualified medical expenses covered.
- Company Matching 401k.
- Flexible hybrid schedule.
- Fun working environment and culture with regular activities both for employees and their families.
- Family vacation bonus at 5th year.