# Information Security Manager

**Company:** [Partner One Capital](http://jobs.workable.com/companies/kpbtU7ScBgegwj4qxTJaVa.md)
**Location:** Remote
**Workplace:** remote
**Employment type:** Full-time


## Description

### **Position Overview**

PartnerOne is seeking a seasoned Information Security Manager to lead, scale, and mature the organization's security function. This is a senior leadership role with a broad scope, encompassing direct team management, executive-level reporting, and full ownership of the company's security strategy and operational programs. The Information Security Manager will translate organizational risk appetite into executable programs, build and develop a high-performing security team, and serve as the definitive security authority across the business. This individual will influence product, engineering, compliance, and go-to-market decisions — ensuring security is a competitive differentiator and not just an operational requirement.

### **Why This Role Exists**

As PartnerOne grows its client base and expands its product portfolio, the complexity and stakes of its security obligations have grown in tandem. This role was created to provide executive-caliber security leadership — someone who can own the full security roadmap, build organizational capability, and represent security at the highest levels of the business, including to clients, auditors, regulators, and the Board.

### **Team Leadership & Organizational Development**

• Build, manage, and develop a high-functioning information security team, establishing clear roles, performance expectations, career pathways, and a culture of accountability and continuous improvement.

• Set team priorities and allocate resources across security disciplines — including vulnerability management, incident response, application security, data protection, and audit — ensuring appropriate coverage and depth.

• Mentor and develop mid-level security staff (including leads and analysts), actively investing in the professional growth of direct reports.

• Define hiring plans and lead recruiting efforts to grow team capacity in alignment with company growth and evolving threat landscapes.

• Foster a security-first culture across PartnerOne through active engagement, education, and relationship-building at all levels of the organization.

### **Security Strategy & Executive Reporting**

• Own and drive PartnerOne's multi-year information security strategy, aligning program investments and priorities to business objectives, regulatory obligations, and risk tolerance.

• Develop and present regular security risk reports, program health updates, and strategic recommendations to senior leadership and the Board.

• Define, track, and communicate key security performance indicators and risk metrics, translating technical posture into business-relevant terms for executive audiences.

• Manage the information security budget, including headcount planning, tooling investments, and vendor relationships — ensuring strong ROI and alignment with strategic priorities.

• Serve as PartnerOne's senior internal authority on information security, advising the executive team on risk posture, material threats, and program maturity.

### **Vulnerability Management & Configuration Compliance**

• Set the strategic direction for PartnerOne's vulnerability management and configuration compliance programs, establishing standards, accountability structures, and remediation SLAs.

• Own security posture visibility through executive-level dashboards and risk scorecards, ensuring leadership has a clear and current picture of the organization's exposure.

• Oversee structured risk treatment processes, ensuring non-compliance findings are triaged, assigned, and resolved — or formally accepted — with appropriate business context and documentation.

• Drive sustained, measurable improvement in the organization's security posture over time through governance, accountability, and cross-functional coordination.

### **Security Incident Response & Business Continuity**

• Establish and continuously mature PartnerOne's security incident response capability, including detection, triage, escalation, containment, recovery, and post-incident review processes.

• Serve as the executive decision-maker during significant security incidents, providing authoritative leadership and clear communication to internal and external stakeholders.

• Own PartnerOne's security-related Business Continuity and Disaster Recovery planning, ensuring the organization can maintain and restore critical operations following a security event.

• Lead tabletop exercises and incident simulations to test response readiness and identify gaps before real events occur.

### **Application Security & Secure Development**

• Oversee the Application Security program, ensuring that vulnerability scanning, code review standards, and penetration testing activities are embedded into the software development lifecycle.

• Direct internal penetration testing efforts and, where appropriate, manage relationships with external security testing partners to validate application and infrastructure security.

• Collaborate with engineering leadership to embed security requirements into architecture decisions, development standards, and release gates.

• Establish application security KPIs and hold development teams accountable for the timely resolution of identified vulnerabilities.

### **Client Data Protection & Privacy**

• Own PartnerOne's Client Data Protection program, defining the policies, controls, and monitoring practices that govern how client data is handled across the organization.

• Ensure data handling practices across products, services, and operations are consistent with contractual commitments, regulatory requirements, and industry standards.

• Conduct and oversee regular control reviews to validate that data protection measures remain effective as the business and its threat environment evolve.

• Collaborate with legal and compliance teams to address data privacy obligations and respond to client data-related inquiries or incidents.

### **Customer Security Assurance & Commercial Support**

• Serve as the senior security authority for client-facing security reviews, executive-level customer discussions, and high-stakes due diligence engagements.

• Oversee the team's completion of security questionnaires and assurance activities, ensuring accuracy, consistency, and timeliness across all client interactions.

• Engage directly with enterprise clients and prospects at the executive level to build confidence in PartnerOne's security posture and capabilities.

• Partner closely with sales and client success leadership to support RFP, RFI, and contract processes, ensuring security representations are accurate and competitively positioned.

### **Audit, Compliance & Third-Party Risk**

• Lead PartnerOne's audit and compliance programs — including SSAE18 (SOC 1/SOC 2), PCI, and other applicable frameworks — from planning through report issuance.

• Build and manage relationships with external auditors and assessors, serving as the primary point of contact for all formal compliance engagements.

• Oversee the Third-Party Risk Management (TPRM) program, ensuring vendors, partners, and suppliers are assessed, monitored, and held to appropriate security standards.

• Ensure audit-readiness is a continuous organizational state, not a reactive effort — building evidence collection, control testing, and documentation into ongoing operations.

### **Security Governance & Policy**

• Own PartnerOne's information security policy framework, including policies, standards, procedures, and exception management processes — ensuring these remain current, enforceable, and business-aligned.

• Represent Information Security on the Change Advisory Board (CAB) and other governance bodies, providing risk-based input on significant organizational and technology changes.

• Lead security architecture reviews for major strategic initiatives and platform transitions, ensuring security is designed in from the start.

• Develop and communicate PartnerOne's GenAI governance framework, enabling teams to adopt generative AI tools responsibly and securely.

### **Threat Intelligence & Risk Management**

• Maintain an active, current understanding of the threat landscape relevant to PartnerOne's industry and technology environment, drawing on sources such as CISA, ISACs, and vendor intelligence feeds.

• Translate threat intelligence into actionable risk guidance for the business, prioritizing mitigations based on likelihood, impact, and operational context.

• Coordinate organizational responses to significant threat events or emerging vulnerabilities, ensuring timely, accurate communication and effective remediation across impacted teams.

### **Security Awareness & Culture**

• Own PartnerOne's security awareness and training program, ensuring content is relevant, engaging, and compliant with regulatory and contractual training requirements.

• Champion a culture of security ownership across the organization — empowering employees at every level to recognize risk and act accordingly.

• Maintain active engagement with external security communities, industry groups, and peer networks to stay ahead of emerging risks and evolving best practices.

## Requirements

### **Qualifications & Experience**

• 8+ years of progressive information security experience, including at least 3 years in a leadership or management capacity with direct reports.

• Demonstrated experience owning and maturing a broad security program across multiple disciplines simultaneously.

• Deep familiarity with compliance frameworks, including SOC 1/SOC 2 (SSAE18), PCI-DSS, and relevant data privacy regulations.

• Proven ability to communicate complex security risk clearly and persuasively to executive and Board-level audiences.

• Experience managing security in a SaaS, fintech, or similarly regulated technology environment preferred.

• Relevant certifications (CISSP, CISM, CRISC, or equivalent) strongly preferred.

• Track record of building and developing high-performing security teams in a fast-paced, growth-oriented environment.
