IT Security Manager

Gordon Food Service
Wyoming, United States of America
14 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Remote
Wyoming, United States of America

Tech stack

Software System Penetration Testing
Computer Security
Databases
Network Protocols
PCI Data Security Standards
Cloud Services
Security Information and Event Management
Software Vulnerability Management
Cyber Threat Analysis
Information Technology
Patch Management
Vulnerability Analysis

Job description

The IT Security Manager will lead our Governance, Risk, and Compliance (GRC) function. This critical role is responsible for developing our enterprise GRC strategy and leading a team of security professionals. The ideal candidate is both a strategic planner and a hands-on leader, capable of managing our Risk Management process and security audits and, most importantly, aligning security initiatives with key business objectives.

What you will do:

  • GRC & Policy Leadership: Manage the enterprise-wide Governance, Risk, and Compliance (GRC) strategy. Direct the creation, review, and maintenance of all information security policies, standards, and procedures to align with business goals and regulatory requirements.
  • Risk & Vulnerability Management: Oversee the complete information security risk lifecycle, including the identification, assessment, tracking, and remediation of risks. Manage the third-party (vendor) risk program. Oversee the vulnerability management program to ensure proper patch management of systems.
  • Compliance & Audit Facilitation: Act as the primary point of contact for all internal and external information security audits. Manage and coordinate compliance activities, ensuring adherence to laws and frameworks like SOX, PCI-DSS, and various privacy regulations.
  • Security Awareness: Oversee the development and implementation of the company-wide security awareness and training program.
  • Security Architecture & Engineering: Oversee the technical security infrastructure for systems, networks, databases, and cloud services. Define and own the security technology roadmap, analyzing tradeoffs between usability, security, and performance.
  • Team & Resource Management: Lead, recruit, train, and mentor the information security team. Manage the team's tactical workload and project priorities, collaborating with other IT leaders to resolve resource constraints.
  • Stakeholder Collaboration & Reporting: Collaborate closely with IT, Legal, and business unit leaders to build strong relationships and ensure security is a business enabler. Regularly report on risk, incidents, and program maturity to executive leadership.
  • Threat Intelligence & Research: Research and analyze current cybersecurity trends, threats, and breaches to provide guidance on best practices and proactively update internal plans and security postures.
  • Project Delivery: Engage in GFS' SAFe agile planning activities to successfully execute security-driven projects and to work with IT partners to resolve vulnerabilities within the technology solutions they own.
  • Security Operations & Incident Response: Partner with our Security Operations team to ensure we are focused on the most important threats to be addressed.
  • Incident Management: When necessary, assist with the investigation, reporting, and resolution of security incidents, ensuring a timely and effective response to mitigate risk.

When you will work:

  • Monday to Friday, 8 am to 5 pm
  • Hybrid schedule, with 4 days in office in Wyoming, MI and 1 day remote

Requirements

  • Leadership & Team Building: Proven ability to lead, motivate, guide, and develop a high-performing team of technical security professionals.
  • Communication & Relationship Building: Excellent verbal, written, and interpersonal communication skills. Must have the ability to build strong relationships at all levels, across all business units, and explain the business impact of complex security topics to non-technical stakeholders.
  • Framework & Legal Knowledge: Knowledge of GRC frameworks (e.g. NIST Cyber Security Framework) and familiarity with regulatory requirements such as Sarbanes-Oxley (SOX) and PCI-DSS.
  • Technical Security Expertise: Experience with vulnerability scanning, penetration testing, operating system internals, network protocols, security operations, incident response methodologies, and cryptography.
  • Strategic & Critical Thinking: Must be a critical thinker with strong problem-solving skills. Possess the poise and ability to act calmly and competently in high-pressure, high-stress situations (e.g., during a major security incident).
  • Familiarity with Security Information and Event Management (SIEM) tools preferred
  • Strong understanding of the business impact of security tools, technologies, and policies preferred
  • Bachelor's Degree in Information Technology or related field required
  • Eight years of previous information technology experience, with two years of previous supervisory experience, strongly preferred
