Security Manager, CxM

📋 Description

• Take charge of information security for client solutions and Practice Area technology, collaborating with essential stakeholders to provide secure products and services to clients, which include both on-premises and cloud infrastructure components.

• Integrate security controls, patterns, and tools into product and solution teams throughout all phases of the secure development lifecycle (SDLC), with a strong emphasis on shift-left methodologies.

• Supervise security assurance for products and solutions, assessing the implementation and effectiveness of security controls.

• Identify, evaluate, and manage security vulnerabilities, weaknesses, and risks from various sources (e.g. security testing, threat intelligence, and audits), ensuring appropriate responses and management of these issues (e.g. treatment plans, remediation actions, and risk acceptance where necessary).

• Lead the Practice Area's implementation of relevant global security and transformation initiatives, ensuring successful execution and alignment with Practice Area objectives and client needs.

• Provide incident support to Cyber Operations for the Practice Area, serving as a security subject matter expert (SME) for the business division and assisting in investigations.

• Assist with client security inquiries, including but not limited to RFIs, audits, and security questionnaires.

⛳️ Requirements

• Relevant security certifications or equivalent experience, such as CISSP, CISM (or similar).

• Experience in product/application security, covering common security issues like the OWASP top 10.

• Familiarity with various security frameworks (e.g. ISO 27001, NIST CSF, SOC2).

• Proven expertise in security risk assessment for technical products and solutions, including the capacity to support the design, development, and implementation of suitable security controls.

• Strong understanding of modern technologies, architectures, and engineering practices, including cloud-native patterns, APIs, CI/CD, and DevOps methodologies.

• Extensive knowledge across fundamental security domains and principles, such as secure design.

• Solid SDLC knowledge with hands-on experience in embedding security early (“shift left”) through patterns, controls, tools, and consultancy.

• Exceptional stakeholder management and interpersonal abilities, capable of influencing and effectively communicating with both technical and non-technical audiences.

• Superior written and verbal communication skills, including the ability to produce clear security guidance, risk briefs, and assurance outcomes.

• Experience working in a matrixed organization, aligning and delivering across multiple teams, priorities, and stakeholders.

• Comfortable navigating uncertainty, ambiguity, and change, making sound decisions and recommendations with incomplete information.

• Experience with PCI / PCI DSS is a plus.

🏝️ Benefits

• Health insurance

• 401(k) matching

• Paid time off

• Flexible work arrangements