Sr Manager, Information Security
ST Engineering iDirect · Herndon, VA · Yesterday
Information TechnologyFull-time
Responsibilities
- Lead day-to-day execution of the enterprise information security program in alignment with company strategy and risk posture.
- Oversee security operations including monitoring, vulnerability management, incident response, root-cause analysis, and remediation tracking.
- Manage implementation and continuous improvement of the ISO27001-based Information Security Management System (ISMS).
- Ensure ongoing compliance with applicable regulatory requirements, industry standards, and customer security expectations, including emerging product security regulations such as the Cyber Resilience Act.
- Cook up and evolve IT and product security policies, standards, procedures, and technical baselines.
- Drive security awareness initiatives and promote a culture of secure-by-design and shared responsibility across the organization.
- Serve as the operational owner for Cyber Resilience Act readiness, interpretation, and implementation across products, platforms, and services.
- Partner with engineering and product teams to ensure security and resilience requirements are embedded throughout the full product lifecycle, from design through end-of-life.
- Track and manage security vulnerabilities impacting products, including prioritization, remediation tracking, customer communication, and regulatory reporting as required.
- Act as a primary liaison with Legal, Compliance, Engineering, and Product leadership on CRA-related and product security regulatory matters.
- Maintain subject-matter expertise in product security standards, vulnerability management practices, and security maturity models.
Qualifications
- Bachelor’s degree in Computer Science, Engineering, Information Systems, Cybersecurity, or a related field; advanced degree preferred.
- Seven or more years of experience in information security, cybersecurity, IT risk, or product security roles.
- Hands-on experience with security governance frameworks and compliance programs such as ISO27001, NIST, SOC, and emerging product security regulations.
- Demonstrated experience working closely with engineering and product teams on secure development lifecycle and vulnerability management.
- Familiarity with product security regulations including the Cyber Resilience Act or equivalent global frameworks.
- Strong analytical, organizational, and communication skills, with the ability to translate regulatory requirements into actionable controls.
- Proven ability to manage multiple initiatives, influence cross-functional stakeholders, and drive execution in a global environment.