Information Security Program Manager (Hybrid)
Job description
- Security program administration and maintenance: oversee and continuously improve Barr's information security program. Ensure that security measures are integrated across systems and that protective controls support the company's needs for performance, stability, and high availability.
- Cybersecurity subject matter expert: provide insight into developing and executing the company's security strategy. Stay current on emerging threat intelligence and cybersecurity trends, and advise the organization on mitigating new threats.
- Security governance and compliance: develop and maintain information security policies, standards, and procedures to ensure alignment with industry best practices and frameworks such as the NIST Cybersecurity Framework, ISO 27001, and NIST SP 800-171.
- Crisis management: plan, prepare for, and respond to security incidents or breaches, helping to coordinate containment, investigation, and recovery efforts to minimize damage and downtime. Support the company's Crisis Response Team in planning and response activities that relate to or rely on technology.
- Security monitoring and optimization: continuously monitor the IT environment for signs of security issues or vulnerabilities using appropriate tools and resources.
- Escalation-level technical support: serve as the first escalation point for potential security incidents.
- Vulnerability and patch management: lead proactive vulnerability management by conducting regular security scans and ensuring that processes and automated systems for the timely application of patches and/or upgrades are effective.
- Documentation and training: develop and maintain internal security documentation and provide technical training and guidance for IT staff and end users on security best practices.
- Audit support: maintain required documentation, perform internal security testing, and coordinate responses to audit findings or external audit requests.
- Security assessments: respond to external security questionnaires, assessment tools, and client security surveys.
- Program metrics and continuous improvement: track key security program metrics and use these insights to drive ongoing program improvements.
About the opportunity
- Hybrid: a hybrid work arrangement may be considered for this position. A hybrid work arrangement refers to splitting time worked between a Barr office and a home office. This position is based out of Barr's Minneapolis, Minnesota, office.
- Travel requirement: ability to occasionally travel to other offices and sites across the US and Canada.
Requirements
For this position, you should be an analytical problem-solver with exceptional attention to detail and a passion for continuous learning. You are highly organized and leverage your technical expertise to implement robust security measures that safeguard system integrity and reliability. You can dig deep when needed while also maintaining a broad strategic perspective on the business. You possess a high degree of self-initiative, proactively leading security improvement and governance efforts, while also enjoying collaboration with technical and non-technical colleagues, always with a client-service mindset.
- Education: bachelor's degree in computer science, information technology, or a related field or equivalent practical experience.
- Experience: 5+ years of related IT infrastructure or information security experience.
- Technical skills:
  - Working knowledge of corporate network environments and technologies such as VMware virtualization, Microsoft Windows Server, Active Directory, and Group Policy management.
  - Experience with cloud platforms such as Microsoft Azure, Microsoft 365, or Amazon Web Services (AWS) administration and support.
  - Familiarity with scripting and automation tools (e.g., PowerShell, Python, Ansible) for system administration or security automation.
- Availability: willingness and ability to perform off-hours administrative changes and respond to emergencies or urgent issues outside of regular hours if needed.
- Work eligibility: must be legally authorized to work in the United States without the need for sponsorship by Barr, now or in the future.
Helpful additional experience (not required)
- Recognized security certifications demonstrating expertise and commitment to the field.
- Experience supporting external audits and compliance assessments (such as SOC2 audits, ISO 27001 certification processes, NIST 800-series compliance, or CMMC).
Benefits & conditions
Compensation: Anticipated range of $100,000 to $125,000 annually. Compensation will vary based on relevant experience, education, skill level, and other compensable factors. Employees in this position may also be eligible for a discretionary cash bonus based on team and individual performance.
Benefits - what we offer
We are committed to providing an employee experience that attracts and retains top talent. That's why we offer a competitive package of employee benefits - including some unique offerings not found at other companies. At Barr, we also believe that learning doesn't stop when you get your degree, which is why we provide coaching, mentoring, and support for ongoing educational opportunities to foster professional development at every stage of your career.
- Competitive, affordable insurance plans: Medical, dental, vision, life, disability, accidental death insurance, and flexible spending accounts for medical and dependent care
- Retirement benefits: 401(k) retirement savings plan with company contribution and an Employee Stock Ownership Plan (ESOP) with company contribution in Barr stock
- Profit distribution: Barr has a "no retained earnings" model and distributes all profit to our employees through our annual bonus distribution plan, ESOP, and dividends to shareholders
- Professional development benefits: Annual time and expense allowances, mentorship program, and many internal training opportunities
- Work/life balance: Paid time off, holidays, overtime for non-exempt/hourly staff, and compensatory time for exempt/salaried staff (time off or pay for extra time worked), paid family leave
- Wellness focus: Ergonomic analysis and equipment, Personal Protective Equipment allowance, wellbeing-focused educational opportunities
Please note that benefits eligibility is determined and may change based on part-time, reduced-time, or full-time status.