Information Security Operations Manager

Responsible for implementing and managing operational cybersecurity controls, including identity and access management, vulnerability management, and secure configurations. Accountable for maintaining secure configurations, enforcing least privilege, and ensuring compliance with security policies and frameworks. Collaborates with governance, architecture, and other teams for policy alignment and operational feasibility. Consulted on risk management, third‑party coordination, and strategic security initiatives.

• Implement and manage cybersecurity controls, including identity and access management, vulnerability management, and secure configurations.
• Assist with monitoring networks, systems, and user activity to detect and respond to potential cybersecurity threats.
• Participate in incident response and recovery plans, ensuring timely containment, mitigation, and communication.
• Perform vulnerability scanning, patch management, and remediation activities.
• Maintain configuration and change management processes to ensure compliance with security standards.
• Manage access controls, remote access, and enforce multi‑factor authentication.
• Design and validate controls for data at rest and in transit, implement integrity checks, and enforce secure data disposal.
• Collaborate with governance, security architecture, and internal/external partners to align operations with organizational risk strategy.
• Continuously improve detection, protection, and response processes to address evolving threats.
• Ensure compliance with regulatory requirements, maintain audit logs, and provide security reporting to leadership.
• Works a regular and predictable schedule.

• Timely remediation of identified vulnerabilities based on severity.
• Audit results showing compliance with internal policies, regulatory requirements, and frameworks.
• Percentage of changes implemented following approved security and configuration management processes.
• Positive feedback from governance, architecture, and incident response teams on coordination and information sharing.
• Implementation of process enhancements and adoption of new security technologies or practices.
• Timely and accurate submission of security metrics, incident reports, and compliance documentation.

EDUCATION / CERTIFICATION: Bachelor’s degree in Cybersecurity or related field or equivalent experience.

Certifications: CISSP, GIAC, Security+, CEH.

REQUIRED KNOWLEDGE: Knowledge of NIST CSF 2.0 or other cybersecurity frameworks.

Understanding of network security, identity and access management, vulnerability management, and SEIM and incident response processes.

Understanding of financial institution risk and operations.

Familiarity with regulatory and compliance requirements.

Minimum three years of experience in cybersecurity operation, penetration testing, or a related field.

Hands‑on experience with SIEM tools, endpoint protection, and intrusion detection/prevention systems.

Proven track record in incident response and threat analysis.

Working knowledge of the framework policy and regulatory environment of information security, especially in financial services.

A demonstrated ability to work collaboratively with a broad range of constituencies essential.

Strong problem‑solving and critical‑thinking skills.

Good interpersonal and supervisory skills.

Solid technical expertise skills.

Excellent communication and collaboration abilities for cross‑functional coordination.

Ability to manage multiple priorities in a fast‑paced environment.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.