
Information Security Manager
Posted Jun 19

Posted Jun 19
This is a fully remote position, open to applicants in United States.
• Security Program Management: Oversee and implement the organization's information security program, encompassing policies, procedures, controls, security standards, risk assessments, remediation tracking, and continuous security enhancements.
• Hands-On Security Operations: Conduct daily security operations, including monitoring security tools, assessing alerts, investigating suspicious activities, coordinating remediation efforts, managing vulnerabilities, and enhancing both detective and preventive controls.
• Security Architecture & Technical Controls: Evaluate, deploy, and sustain security controls across enterprise systems, which include infrastructure, endpoints, identity platforms, cloud environments, field service applications, mobile devices, and the Microsoft Azure and Microsoft 365 ecosystems.
• Incident Response: Uphold and execute the organization's incident response protocol. Investigate security incidents, coordinate containment and remediation actions, document events, and collaborate with internal teams and external partners as necessary.
• Field Service Security Support: Recognize and mitigate cybersecurity risks associated with field service scheduling systems, mobile device usage, remote workforce access, geographically dispersed operations, and field technician workflows.
• Vulnerability & Risk Management: Conduct or coordinate vulnerability assessments, risk reviews, security control evaluations, and remediation actions, prioritizing findings based on business impact, likelihood, and operational risk.
• Identity, Access & Endpoint Security: Enhance identity and access management practices, including user access reviews, privileged access controls, multi-factor authentication, conditional access, endpoint security, and device compliance.
• Microsoft Azure & Microsoft 365 Security: Set up, monitor, and enhance security across Microsoft Azure and Microsoft 365 environments, including Entra ID, Defender, Purview, Exchange Online, SharePoint, Teams, Intune, and related security features.
• Disaster Recovery & Business Continuity Support: Contribute to disaster recovery and business continuity planning from a cybersecurity viewpoint. Assist with backup protection, recovery testing, ransomware readiness, and resilience planning.
• Governance, Compliance & Documentation: Maintain security documentation, policies, procedures, standards, risk registers, audit evidence, and compliance-related materials, ensuring alignment with relevant cybersecurity best practices and business requirements.
• Security Awareness & Training: Foster a culture of practical security awareness throughout the organization, including field technicians, office personnel, operations teams, and business users. Support phishing simulations, user education, and security communications.
• Vendor & Third-Party Security: Aid in security evaluations of vendors, service providers, software platforms, and third-party integrations. Monitor risks and coordinate follow-up remediation as necessary.
• Collaboration with IT & Business Teams: Collaborate closely with infrastructure, applications, service desk, operations, and business stakeholders to identify security needs, address issues, and implement effective security enhancements.
• A minimum of 5+ years of practical experience in cybersecurity, information security, infrastructure security, systems administration, or a related technical field.
• Proven capability to manage and execute essential security functions independently, without the support of a large internal security team.
• Strong technical background in incident response, vulnerability management, endpoint security, identity and access management, security monitoring, and threat mitigation.
• Comprehensive understanding of cybersecurity principles, common attack methods, security controls, risk management, and infrastructure hardening.
• Practical experience in securing Microsoft Azure and Microsoft 365 environments, including the development and maintenance of automation scripts.
• Familiarity with Microsoft security tools such as Microsoft Defender, Entra ID, Intune, Purview, Sentinel, or similar technologies is preferred.
• Experience in supporting security in environments with remote workers, mobile devices, distributed locations, or field service operations is strongly preferred.
• Ability to assess security risks and propose practical, business-aligned remediation strategies.
• Exceptional documentation skills, including the ability to maintain policies, procedures, standards, incident records, and risk registers.
• Comfortable communicating security topics to both technical and non-technical audiences.
• Capable of working independently, prioritizing tasks effectively, and driving security initiatives to completion.
• Experience with disaster recovery, business continuity, backup protection, and ransomware preparedness is preferred.
• Security certifications such as CISSP, CISM, CISA, Security+, CySA+, GSEC, or comparable credentials are preferred but not mandatory.
• Certifications in infrastructure, cloud, or Microsoft technologies are a plus.
• 401(k) plan with company match
• Medical insurance
• Dental insurance
• Vision insurance
• FSA/HSA
• PerkSpot
• Long-Term Disability and Life Insurance
• Paid time Off
• Tuition Reimbursement (after one year of service)
FlexPoint
True Footage
Division of Student Life at the University of Tennessee, Knoxville
Get handpicked remote jobs straight to your inbox weekly.