Cyber Security Manager

Cyber Security Manager

$140K-$170K

Durham, NC

Permanent

Overview:

We are seeking an Information Security Manager to lead security operations and compliance programs across the organization. This is a hands-on individual contributor role designed for a senior technical security professional ready to take ownership of a comprehensive security program, with the opportunity to grow into a leadership position as the function scales. The successful candidate will bring a balance of deep technical expertise and program-level compliance experience. This role will own day-to-day security tooling, lead a NIST-aligned compliance program, develop policies in emerging technology areas including artificial intelligence, and maintain visibility into systems and assets across the environment. The position reports directly to executive leadership and partners closely with IT, Legal, HR, and business stakeholders

Responsibilities

• Security Operations & Engineering Endpoint Security: Administer and optimize Microsoft Defender across the endpoint environment, including policy configuration, alert triage, incident response, and reporting.
• Network and Access Security: Manage the Zscaler platform (ZIA/ZPA), including policy development, traffic inspection, access controls, and integration with identity systems
• SIEM Operations: Own SIEM administration, detection engineering, log source onboarding, alerting, incident workflows, dashboards, and operational metrics
• Vulnerability Management: Lead vulnerability scanning efforts across AWS, Azure, and on-premises environments. Prioritize, track, and validate remediation activities in partnership with IT and engineering teams
• Patch Management: Maintain endpoint patching programs, reporting, exception tracking, and service-level compliance
• Digital Forensics & Incident Response: Investigate security events, perform forensic analysis, document findings, and coordinate response activities with internal and external stakeholders

Compliance & Governance:

• NIST-Based Security Program: Maintain and continuously improve a security program aligned with the NIST Cybersecurity Framework, including controls mapping, evidence collection, gap analysis, and remediation tracking.
• Policy Management: Own the security policy library, ensuring policies and standards are current, reviewed regularly, approved appropriately, and effectively communicated.
• AI Governance: Develop and maintain policies governing AI usage, acceptable use standards, and evaluation processes for new AI technologies in coordination with Legal and IT teams
• System Inventory Management: Build and maintain an authoritative inventory of systems, applications, data flows, and ownership records
• Audit & Assessment Support: Lead responses to internal and external audits, customer security reviews, and regulatory assessments. Manage remediation efforts through closure
• Risk Management: Identify, document, assess, and track information security risks while providing mitigation recommendations and reporting residual risk to leadership

Leadership & Cross-Functional Partnership:

• Stakeholder Engagement: Partner with IT, Legal, HR, and business leaders to provide practical security guidance that balances risk management with business objectives
• Security Awareness: Lead security awareness initiatives, including phishing simulations, training programs, and ongoing employee communications
• Vendor & Third-Party Risk Management: Assess and manage security risks associated with vendors, contractors, and third-party service providers.
• Future Team Leadership: Establish the foundation for a scalable security organization and, as the function grows, recruit, mentor, and lead security professionals.

Required Education & Experience:

• Demonstrated use of AI technologies to enhance and scale security operations, with an AI-first mindset for Security Operations.
• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field, or equivalent professional experience.
• 5 years of progressive experience in information security with expertise in security operations, engineering, or oth.
• Hands-on administration and tuning experience with Microsoft Defender (Endpoint, Identity, and Cloud).
• Production experience managing Zscaler (ZIA and/or ZPA), including policy administration and troubleshooting.
• Strong SIEM experience, including detection development, alert tuning, incident investigation, and log source integration.
• Experience managing vulnerability programs across AWS and Azure cloud environm
• ents.Working knowledge of digital forensics and incident response methodologies.
• Experience operating security programs aligned with the NIST Cybersecurity Framework and/or NIST 800-53.
• Proven ability to write, maintain, and operationalize security policies and standards.
• Excellent written and verbal communication skills, including the ability to explain technical risks to non-technical audiences.
• Ability to work in a hybrid environment with regular in-office presence.

Preferred Qualifications:

• Industry certifications such as CISSP, CISM, GCIH, GCFA, GCIA, or equivalent.
• Experience in highly regulated environments or critical infrastructure sectors.
• Familiarity with industry regulatory frameworks and compliance requirements.
• Experience scripting or automating security workflows using Python, PowerShell, KQL, or similar technologies.
• Prior experience serving as a senior technical lead preparing to transition into a management role.