Job Title: Cybersecurity ManagerDuration: Contract (Long - Term)Location: Garden City, NY, San Ramon, CA, San Jose, CA, San Francisco, CA, Los Angeles, CA, Dallas, TX, Portland, OR, Chicago, IL, Philadelphia, PA, St. Louis, MO, Atlanta, GA, Duluth, GA, Denver, COTop 3 Skills - Planning and strategy execution
- Azure
- Financial compliance
Role summaryLeadership role responsible for cybersecurity program execution, compliance operations (ISO 27001, SOC 2), and risk management within Core Technology. This role will expand Client cybersecurity capabilities from primarily compliance-focused to strategically-driven security engineering with a clear, measurable roadmap.
MissionProtect business operations and client data through measurable risk reduction, audit-ready compliance execution, and security controls that enable business velocity without unacceptable risk. Establish 's first comprehensive cybersecurity roadmap with prioritized initiatives, clear ownership, and transparent progress tracking.
Core outcomes - Multi-year cybersecurity roadmap with prioritized, funded initiatives
- Strategic expansion of cybersecurity engineering capabilities
- Measurable cybersecurity risk reduction across the firm
- Audit-ready compliance (ISO 27001, SOC 2) with clean audits
- Fast, effective M&A security due diligence
- Predictable operations with intake tracking and decision documentation
- Risk posture visibility for leadership decision-making
- High-performing cybersecurity and compliance team
Key responsibilitiesStrategic planning and roadmap development • Build and maintain multi-year cybersecurity roadmap aligned to business objectives
• Conduct annual risk assessments and prioritize top risks with clear mitigation plans
• Define security architecture vision and incremental implementation phases
• Establish measurable security metrics and KPIs with executive dashboards
• Present strategic security initiatives to leadership with business cases and ROI
• Balance long-term strategic initiatives with tactical operational demands
• Drive annual security budget planning with justified resource requirements
Cybersecurity function expansion • Transition team from compliance-focused to balanced security engineering + compliance model
• Identify capability gaps and build hiring plan for cybersecurity engineers
• Implement security operations center (SOC) capabilities or managed service partnerships
• Establish threat intelligence program with proactive threat hunting
• Expand from reactive security to proactive security posture management
• Define clear escalation paths and on-call rotation for security incidents
• Mature incident response from ad-hoc to structured playbook-driven approach
Cybersecurity program leadership • Lead cybersecurity strategy with prioritized, measurable risk reduction initiatives
• Implement security engineering standards and control frameworks
• Drive incident response readiness and rapid threat containment
• Partner with infrastructure, networking, and DevOps on security architecture
• Provide practical security guidance that enables business outcomes
• Drive cloud security strategy across Azure, AWS, and SaaS applications
• Address AI/ML security risks as firm expands AI capabilities
Compliance execution • Own ISO 27001 and SOC 2 compliance programs and audit execution
• Maintain audit-ready evidence and compliance documentation
• Manage security questionnaires and assessments for clients
• Coordinate penetration testing and vulnerability remediation
• Ensure compliance with regulations (GDPR, HIPAA, state privacy laws)
M&A security due diligence • Assess cybersecurity and compliance posture of acquisition targets
• Identify security risks and integration requirements
• Provide clear risk recommendations to deal teams
• Support secure integration of acquired firms
• Balance security rigor with M&A timeline constraints
Operations and governance • Run predictable intake, prioritization, and execution model
• Implement escalation paths with clear on-call coverage
• Track decisions, actions, and risk acceptance through governance
• Provide regular security and compliance reporting to leadership
• Drive continuous improvement through metrics and post-incident reviews
• Ensure all security meetings produce documented decisions or actions
Team leadership • Build and develop cybersecurity and GRC analyst capabilities
• Recruit and onboard cybersecurity engineers to expand technical depth
• Provide clear ownership and accountability for team deliverables
• Create career development paths for security professionals
• Foster collaboration across IT and business stakeholders
• Model extreme ownership and solution-oriented leadership
Required experience • 7+ years cybersecurity or GRC experience
• 5+ years leading security or compliance teams
• Proven track record building cybersecurity roadmaps and strategic plans
• Experience expanding security teams and capabilities
• Audit program management (ISO 27001, SOC 2, or equivalent)
• Security engineering and architecture experience
• M&A security due diligence experience
Required technical knowledge • Security frameworks (NIST, ISO 27001, SOC 2, CIS Controls)
• Security tools (SIEM, EDR, DLP, vulnerability management, GRC platforms)
• Cloud security (Azure, AWS, or GCP)
• Identity and access management
• Incident response and threat analysis
• Security compliance and audit processes
• Risk assessment and management methodologies
• Cybersecurity maturity models and capability assessment
• Security metrics, KPIs, and executive reporting.
Required leadership capabilities • Strategic thinking with ability to translate business objectives into security roadmaps
• Program management of multi-year, multi-initiative security programs
• Building and developing high-performing teams
• Clear communication of security risks to executives and non-technical audiences
• Stakeholder management across IT, legal, HR, and business units
• Decision-making under uncertainty with clear risk tradeoffs
• Ownership mentality with accountability for results
• Ability to articulate "why" behind security decisions and provide clear recommendations
Preferred • Accounting or financial services industry knowledge
• Microsoft security stack expertise (Defender, Sentinel, Purview, Entra ID)
• GRC platform experience (Vanta, OneTrust, ServiceNow GRC)
• Penetration testing or offensive security background
• Zero Trust architecture implementation experience
• AI/ML security and responsible AI framework knowledge
• Certifications: CISSP, CISM, CISA, ISO 27001 Lead Auditor, Azure Security Engineer