
Security Manager, CxM
Posted Jun 19

This is a fully remote position, open to applicants in Maryland.
• Take charge of information security for client solutions and Practice Area technologies, collaborating with essential stakeholders to provide secure products and services to clients, which include both on-premises and cloud infrastructure components.
• Integrate security controls, patterns, and tools into product and solution teams throughout all phases of the secure development lifecycle (SDLC), with a strong emphasis on shift-left practices.
• Supervise security assurance for products and solutions, assessing the implementation and effectiveness of security controls.
• Identify, evaluate, and manage security weaknesses, vulnerabilities, and risks from various sources (e.g., security testing, threat intelligence, and audits), ensuring an appropriate response and management of these issues (e.g., treatment plans, remediation actions, and risk acceptance where applicable).
• Lead the Practice Area's delivery of relevant global security and transformation initiatives, ensuring successful execution and alignment with Practice Area priorities and client needs.
• Provide incident support for the Practice Area to Cyber Operations, acting as a security subject matter expert (SME) for the business division and assisting with investigations.
• Assist with client security requests, which may include RFIs, audits, and security questionnaires.
• Relevant security certifications or equivalent experience, such as CISSP, CISM (or similar).
• Experience in product/application security, including familiarity with common security issues such as the OWASP top 10.
• Proficiency across various security frameworks (e.g., ISO 27001, NIST CSF, SOC2).
• Proven expertise in security risk assessment for technical products and solutions, including the capability to support design, development, and implementation of suitable security controls.
• Strong understanding of modern technologies, architectures, and engineering practices, including cloud-native patterns, APIs, CI/CD, and DevOps methodologies.
• Extensive knowledge across core security domains and principles, particularly secure design.
• Solid SDLC knowledge with hands-on experience in embedding security early (“shift left”) through patterns, controls, tools, and consultancy.
• Exceptional stakeholder management and interpersonal skills, capable of influencing and communicating effectively with both technical and non-technical audiences.
• Outstanding written and verbal communication skills, including the ability to produce clear security guidance, risk briefs, and assurance outcomes.
• Experience working in a matrixed organization, aligning and delivering across multiple teams, priorities, and stakeholders.
• Comfortable managing uncertainty, ambiguity, and change, making sound decisions and recommendations with incomplete information.
• Experience with PCI / PCI DSS (advantageous).
• Health insurance
• 401(k) matching
• Paid time off
• Flexible work arrangements
Arcetyp LLC
Capita
Stride, Inc.
Kontoor Brands, Inc.