Information Security Manager
Summary
The Information Security Manager is responsible for leading and executing the organization's information security program, balancing governance, compliance, and hands-on technical security responsibilities. This role provides leadership to a team of security associates while partnering closely with IT, Engineering, and business stakeholders to identify, manage, and reduce security risk. The Information Security Manager ensures compliance with regulatory and customer security requirements, supports secure operations across systems and platforms, and contributes to a strong culture of security awareness and accountability across the organization.
Employees in this role are expected to perform their duties in accordance with The Way We Work, helping to create a company where innovation and care drive meaningful connections.
Duties & Responsibilities
Essential Functions
Develop, implement, and maintain the company's information security program, including security policies, standards, and control objectives.
Provide leadership and day-to-day management for an assigned team of security associates, including work direction, coaching, performance feedback, and support of professional development.
Conduct and lead information security risk assessments across applications, infrastructure, and third parties; maintain a risk management framework to identify, assess, document, prioritize, and track remediation of security risks.
Oversee and perform (as needed) threat detection, vulnerability management, and incident response activities, including investigation coordination, root cause analysis, remediation tracking, and post-incident reviews.
Own and manage the PCI DSS compliance lifecycle, including control implementation and validation, assessment coordination, evidence collection, and remediation of findings.
Lead SOC 2 readiness, audits, and ongoing compliance by maintaining control documentation and mappings, coordinating evidence collection with cross-functional teams, and serving as the primary liaison to external auditors and assessors.
Assess, monitor, and report third-party and vendor security risk, including due diligence reviews, security requirement input, and ongoing risk monitoring as applicable.
Provide hands-on security support for cloud and networked environments (e.g., Azure and application networking), including reviewing configurations, recommending or implementing security controls, and partnering with IT and Engineering to remediate identified issues.
Partner with Engineering to implement and validate application security requirements (e.g., OWASP-aligned controls), support secure development practices, identify security gaps, and track remediation to closure.
Additional Responsibilities
Manage security awareness and training to support required policies, acceptable use practices, and security responsibilities across the organization.
Support initiatives that enhance the security of associates, partners, systems, and integrations through collaboration, adherence to security practices, and continuous improvement.
Work collaboratively with internal departments to support secure operations and a high standard of service for internal and external stakeholders.
Contribute to the onboarding and training of new associates by sharing security practices, standards, and role-appropriate guidance.
Promote and reinforce appropriate workplace behavior in accordance with company policies, procedures, and management guidance.
Resolve routine and moderately complex issues within scope of responsibility and communicate resolutions or required information to impacted parties.
To remain innovative and efficient, the use of AI is typical and expected within this role and at Basys.
Perform other related duties as assigned, consistent with the nature and level of the role.
Requirements
This role is eligible for a hybrid schedule. Up to 2 days per week may be worked remotely in accordance with the telecommuting policy.
A commitment to
Strong written and verbal communication, with the ability to translate security concepts for business stakeholders.
Strong problem-solving skills and sound judgment.
Accountability and ownership for assigned tasks and follow-through.
Quality, accuracy, and attention to detail.
Continuous improvement and learning.
Education & Experience
Bachelor's degree in Computer Science, Information Technology, Business Administration or other related fields is preferred.
5–8+ years in information security, cybersecurity, or GRC.
2–4+ years of management experience.
Experience with PCI DSS.
Experience with SOC 2 audits/readiness.
Familiarity with frameworks like NIST CSF and ISO 27001.
Experience with security tools/vendors (SIEM, endpoint, vulnerability management).