Senior Manager, Information Security
Minneapolis, MN
March 31st, 2026
Senior Manager Of Information Technology
The Senior Manager of Information Technology is responsible for IT governance, risk, compliance, and operational readiness across Onto Innovation's global environment. Reporting to the Senior Director of IT and Security, this role leads regulatory compliance initiatives, cybersecurity posture management, incident response readiness, business continuity and disaster recovery programs, vulnerability management, vendor and partner risk management, and contributes to Onto's multi-year IT and security strategy.
Key Responsibilities
Compliance & Governance
Lead IT compliance programs aligned to ISO/IEC 27001, CMMC Level 2, SEMI E187, and SOX IT controls.
Translate regulatory requirements into actionable policies, standards, procedures, and audit evidence.
Drive audit readiness, internal assessments, remediation activities, and continuous compliance improvement.
Partner with Legal, HR, Compliance, Finance, Facilities, Operations, Service, and Engineering teams on enterprise risk initiatives.
Cybersecurity Posture & Vulnerability Management
Own and mature cybersecurity posture management practices across infrastructure, endpoints, and cloud services.
Oversee vulnerability management programs, including risk-based prioritization, remediation tracking, and executive reporting.
Partner with Infrastructure, Security Operations, and Engineering teams to reduce attack surface and improve resilience.
Drive our IT Security program forward with a defense in depth and continuous improvement mindset.
Continuously assess and validate security controls effectiveness and drive improvements based on threat intelligence and risk trends.
Incident Response & Readiness
Own incident response planning and execution for IT and cybersecurity incidents.
Design and lead tabletop exercises, purple team drills, and post-incident reviews.
Maintain incident response playbooks, escalation paths, and executive communications.
Drive continuous improvement through lessons learned and after-action reviews.
Business Continuity & Disaster Recovery
Own and mature Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP).
Define and validate RTO/RPO objectives across hybrid on-prem and cloud environments.
Lead and coordinate DR testing, recovery exercises, and continuous improvement efforts.
Vendor, Partner & Supply-Chain Risk Management
Lead vendor, partner, and supply-chain IT and cybersecurity risk management programs.
Define security requirements for vendors, contract manufacturers, and extended factory partners.
Oversee onboarding assessments, remediation tracking, and ongoing risk reviews.
Support vendor audits, security reviews, and contractual security obligations in partnership with Procurement and Legal.
Strategic Planning & Continuous Improvement
Contribute to the development and execution of Onto's 3-year IT and Security strategic roadmap.
Apply a continuous improvement mindset to compliance, security posture, incident readiness, and resilience programs.
Identify capability gaps, emerging risks, and investment priorities across people, process, and technology.
Support annual planning, budgeting, and executive reporting tied to multi-year strategy.
Agile, Global IT Leadership
Operate within an Agile, globally distributed IT organization.
Develop metrics, dashboards, and executive reporting for compliance, cybersecurity posture, and operational readiness.
Influence cross-functional teams through collaboration, leadership, and subject-matter expertise.
Qualifications
10+ years of progressive experience in IT leadership, cybersecurity, or enterprise risk management.
Demonstrated leadership of ISO 27001, CMMC Level 2, and SOX IT control programs.
Experience contributing to multi-year (3+ year) IT or security strategic planning and roadmaps.
Hands-on experience with cybersecurity posture management and vulnerability management programs.
Strong understanding of incident response, BCP/DRP, and operational resilience in hybrid IT environments.
Experience managing vendors, partners, and supply-chain IT/security risk.
Strong executive communication, stakeholder management, and continuous improvement mindset.
Preferred Qualifications
Experience with SEMI E187/E188 or manufacturing-focused frameworks.
Familiarity with NIST CSF, NIST 800-53, or NIST 800-171.
Experience supporting global operations across North America, Europe, and APAC.
Background in semiconductor, advanced manufacturing, or IP-sensitive industries.
Experience translating strategy into measurable OKRs, KPIs, and risk metrics.
Leadership Competencies
Continuous improvement and risk-based decision-making mindset.
Executive presence and calm decision-making under pressure.
Ability to balance long-term strategy with near-term execution.
Strong collaboration across technical, business, and partner organizations.
High integrity, accountability, and operational discipline.
Why Join Onto Innovation?
At Onto Innovation, we believe your work should matter, and so should your well-being. That's why we offer competitive salaries and a comprehensive benefits package designed to support you and your family. From health, dental, and vision coverage to life and disability insurance, PTO, and a 401(k) with employer match, we've got you covered. You'll also enjoy access to our Employee Stock Purchase Program (ESPP), wellness initiatives, and cutting-edge tools, all within a collaborative, inclusive culture where your contributions are valued and recognized.
Compensation & Growth
Base Salary Range: $120,000.00 - $180,000.00, offered in good faith and based on experience, location, and qualifications.
Additional Rewards: Annual bonus opportunities and potential long-term incentives tied to both company and individual success.
Empowering Every Voice to Shape the Future:
Onto Innovation is committed to creating a workplace where every qualified candidate has an equal opportunity to succeed. We evaluate applicants based on skills, experience, and potential - without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, veteran status, or any other characteristic protected by law. We believe diversity of thought and background drives innovation and strengthens our team.
Important Note on Export Compliance
For certain positions requiring access to technical data, U.S. export licensing review may be necessary for applicants who are not U.S. Citizens, Permanent Residents, or other protected persons under 8 U.S.C. 1324b(a)(3).