Senior IT Security Manager I

Goformz, Inc.
San Diego, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 170K

Job location

San Diego, United States of America

Tech stack

Microsoft Windows
Microsoft Active Directory
Amazon Web Services (AWS)
Software System Penetration Testing
Azure
Software as a Service
Cloud Computing
CompTIA Security+
Computer Security
System Configuration
Multi-Factor Authentication
Identity and Access Management
Information Security Management
Information Technology Operations
Virtual Private Networks (VPN)
Network Architecture
PCI Data Security Standards
Phishing
Zero Trust Network Access
Runbook
Security Information and Event Management
Wireless Access Point
Cloud Platform System
Firewalls (Computer Science)
Microsoft InTune
Casper Suite
Gsuite
CIS Benchmarks
Vulnerability Analysis

Job description

We are looking for a hands-on Senior IT Security Manager to own our cybersecurity posture while providing tactical IT operations support. This is a senior individual contributor role with potential team leadership responsibilities as the organization grows. The right candidate thrives in a small-team environment, is comfortable wearing multiple hats, and brings deep security expertise alongside solid IT fundamentals.

Approximately 75% of this role is focused on cybersecurity - strategy, implementation, monitoring, and compliance. The remaining 25% covers core IT support and systems administration to keep the organization running smoothly., * Own and continuously mature the organization's information security program, policies, and roadmap

  • Develop, implement, and enforce security policies, standards, and procedures aligned with industry frameworks (NIST CSF, ISO 27001, CIS Controls, or equivalent)
  • Conduct regular risk assessments and maintain a risk register; prioritize remediation based on business impact

Threat Detection & Incident Response

  • Monitor, triage, and respond to security events and alerts across endpoints, network, cloud, and SaaS environments
  • Own the incident response plan; lead investigation, containment, and post-incident review for security events
  • Manage vulnerability scanning programs and drive timely remediation with internal stakeholders

Security Architecture & Engineering

  • Evaluate, deploy, and manage security tooling (EDR, SIEM, MFA/SSO, email security, DLP, firewall, VPN, etc.)
  • Provide security guidance on cloud infrastructure (Azure/GCP), SaaS adoption, and new technology onboarding
  • Oversee identity and access management (IAM) including provisioning, deprovisioning, and least-privilege enforcement

Compliance & Third-Party Risk

  • Lead and support compliance efforts for applicable frameworks or regulations (SOC 2, HIPAA, PCI-DSS, CMMC, GDPR, etc.)
  • Manage the vendor security review process and maintain third-party risk inventory
  • Coordinate with external auditors, penetration testers, and security consultants

Security Awareness

  • Develop and run the organization's security awareness training program
  • Conduct phishing simulations and track outcomes; deliver targeted education where needed
  • Act as a security advocate internally - advising leadership and employees on security best practices, * Serve as escalation point for complex IT support issues across hardware, software, and connectivity
  • Administer core systems: Microsoft 365 / Google Workspace, Active Directory / Entra ID, MDM (Intune, Jamf, or similar)
  • Manage software vendor relationships
  • Manage user lifecycle (onboarding/offboarding), device provisioning, and access reviews
  • Maintain IT asset inventory and ensure systems remain patched and up to date
  • Support network infrastructure including firewalls, switches, and wireless access points
  • Document IT processes, runbooks, and system configurations

Requirements

  • 7+ years of progressive IT and cybersecurity experience, with at least 3 years in a senior or lead security role
  • Demonstrated experience managing security programs end-to-end in a resource-constrained environment
  • Hands-on experience with security tools: EDR, SIEM, vulnerability scanners, email security gateways, payment fraud systems, and identity platforms
  • Working knowledge of one or more compliance frameworks (SOC 2, NIST, ISO 27001, etc.)
  • Strong incident response skills - you've handled real events, not just tabletops
  • Prior involvement in security audits, penetration tests, or regulatory reviews
  • Experience administering Microsoft 365 or Google Workspace and cloud environments (AWS, Azure, or GCP)
  • Experience managing security and compliance planforms, such as Drata
  • Excellent written and verbal communication; able to present risk to non-technical leadership clearly

Preferred

  • Relevant certifications: CISSP, CISM, Security+, CEH, GCIA, GCIH, or equivalent
  • Experience at a company with 50-500 employees; comfortable being the primary security resource
  • Familiarity with zero trust architecture principles
  • Experience managing or mentoring junior IT/security staffPhysical Requirements:
  • Prolonged periods of sitting at a desk and working on a computer.
  • Must be able to lift up to 25 pounds at times.

Apply for this position