Information Security Manager

Summary:

The Information Security Manager will be responsible for the overall cyber picture of YA, including the development, execution, and continuous improvement of the organization’s cybersecurity strategy. This hands-on leader ensures the protection of YA’s digital assets, regulatory compliance, and business continuity. The Information Security Manager will partner with stakeholders across the organization to drive security initiatives and foster a culture of proactive risk management.

Role & Responsibilities:

• Develop, implement, and maintain YA’s cybersecurity strategy, policies, and procedures
• Oversee daily security operations, including threat detection, incident response, and vulnerability management
• Monitor and maintain security infrastructure (firewalls, antivirus, SIEM, endpoint protection, etc.)
• Lead periodic risk assessments and security audits to identify and mitigate threats
• Lead the organization's efforts to achieve and maintain SOC 2 compliance or other relevant security certifications (e.g., ISO 27001, CSF, CMMC, PCI DSS, HIPAA)
• Ensure compliance with relevant regulations (GDPR, CCPA, HIPAA) and internal policies
• Manage third-party security vendors and service providers
• Create and maintain documentation to support security operations and user awareness
• Deliver security awareness training and promote responsible data handling practices
• Prepare reports for executive leadership on security posture, incidents, and risk trends
• Collaborate with IT, HR, Legal, and other departments to embed security into business processes
• Lead and mentor junior security staff or contractors
• Perform additional duties as assigned

Key Qualifications:

• Bachelor’s degree in information security, Computer Science, or related field, with at least 5 years of job-related experience
• Minimum 3+ years’ experience in cybersecurity management or leadership
• Demonstrated experience in leading organizations through the successful attainment of security certifications such as SOC 2, ISO 27001, PCI DSS, HIPAA, CMMC, or similar frameworks.
• Strong knowledge of risk management frameworks, security architecture, and regulatory compliance
• Hands-on experience with SIEM, endpoint protection, vulnerability scanners, and cloud security tools
• Experience with Microsoft 365 security controls and cloud services is preferred.
• Certifications such as CISSP, CISM, or GIAC are highly desirable
• Knowledge of anti-virus software, firewalls, intrusion detection systems, and other network security measures
• Excellent organizational and interpersonal skills with a customer-service orientation
• Demonstrated ability to produce timely, high-standard work while managing multiple priorities and cross-functional initiatives
• PowerShell and scripting knowledge preferred

Physical Requirements:

The physical demands described here represent those required to successfully perform essential job functions. Reasonable accommodation may be made for individuals with disabilities.

While performing job duties, the employee will regularly use hands to type, handle, or feel objects and communicate verbally. The role frequently requires sitting, with occasional standing, walking, reaching, climbing, balancing, stooping, kneeling, crouching, or crawling. The employee will be at a computer for up to 8 hours per workday.

Fraudulent Recruitment Alert:

Please be vigilant against fraudulent recruitment attempts. YA will never ask for personal financial information (such as bank account numbers or identification numbers) via social media or chat-based apps. We also will not request money for the purchase of business equipment or conduct interviews solely via text message.

All official email communications regarding your application will come from [email protected] or directly from a member of our talent team using an @yagroup.com domain name.

If you suspect any fraudulent activity, please contact us directly at [email protected].