IT Security Manager
Angeion Group · Philadelphia, PA · 3 wk ago
On-siteInformation TechnologyFull-time
Key Responsibilities
- Develop and maintain the organization’s information security policies, standards, and procedures.
- Conduct risk assessments and define mitigation strategies aligned with business goals.
- Lead the implementation of cybersecurity frameworks such as NIST, ISO 27001, or CIS Controls.
- Ensure alignment with regulatory and industry compliance standards (GDPR).
- Manage endpoint, network, cloud, and application security operations.
- Oversee security monitoring, logging, and SIEM platforms (e.g. Crowdstrike, AWS CloudWatch, CloudTrail).
- Direct vulnerability management and patch compliance programs.
- Lead incident response planning, tabletop exercises, and post-incident reviews.
- Maintain and test disaster recovery (DR) and business continuity (BC) security elements.
- Manage IAM systems, privileged access, and role-based access controls.
- Ensure secure integration with Microsoft Entra ID / Azure AD, Active Directory, and SSO platforms.
- Build and maintain a security awareness program across the organization.
- Work towards securing Soc2 Type 2 Certification.
- Manage phishing simulations and targeted education for high-risk departments.
- Lead, mentor, and develop a team of security professionals.
- Collaborate with IT, compliance, HR, and legal teams to ensure unified risk management.
- Provide executive reporting on cybersecurity posture, KPIs, and incidents.
- Evaluate, procure, and manage cybersecurity tools and third-party vendors.
- Conduct vendor risk assessments and ensure contractual security obligations are met.
- Complete Vendor Information Security Questionnaires and Intake Sheets.
Required Skills & Qualifications
- Bachelor's degree in Computer Science, Information Security, or related field.
- 3–5 years of experience in IT security or related roles, with at least 1 year in a management or leadership position.
- Strong knowledge of: Firewalls, EDR/XDR, SIEM, DLP, IDS/IPS, and encryption technologies.
- Cloud security (Azure, AWS, Microsoft 365).
- Identity and Access Management (IAM) systems.
- Experience implementing, managing, or auditing against security frameworks and compliance standards, including NIST CSF, ISO 27001, CIS Controls, SOC 2, and UK/international regulatory and data protection requirements (including UK GDPR and Cyber Essentials/Cyber Essentials Plus, where applicable).
- Experience supporting security governance, risk assessments, compliance audits, and remediation efforts across domestic and international environments.
- Excellent communication, project management, and leadership skills.