Position Summary
The Client Security Program Manager is responsible for providing dedicated security program leadership for a high-stakes client engagement with very low tolerance for risk. This role ensures security expectations are met consistently across global delivery environments, including permanent operational sites and temporary/“pop-up” locations. The position acts as the single point of accountability for coordinating security activities spanning physical/operational security and cybersecurity, ensuring cohesive execution, clear communication, and proactive risk management.
This role is not a purely technical cybersecurity role or a purely physical security role. It is a program leadership and assurance role that integrates stakeholders, drives actions to closure, and improves the client’s confidence in security outcomes.
Key Responsibilities
1) Client Security Partnership & Stakeholder Management
· Serve as the primary security interface for a designated client engagement, building trust through consistency, transparency, and clear follow-through.
· Establish structured engagement routines (e.g., security governance calls, quarterly program reviews) to align on expectations and surface issues early.
· Translate client security concerns into actionable workstreams and ensure the right internal teams are engaged without unnecessary handoffs.
· Maintain stakeholder alignment across business owners, operations leaders, technology teams, and security teams by providing a single, cohesive view of security posture, priorities, and progress.
This client expects security to be managed with the same rigor as a regulated program with strong controls, reliable execution, and a confident point of contact who can drive outcomes.
2) Security Program Governance & Assurance
· Create and manage the security program plan for the client: scope, objectives, milestones, metrics, and reporting cadence.
· Provide executive-ready reporting on security posture and trends, including risks, incidents, corrective actions, audit outcomes, and readiness activities.
· Ensure security requirements are documented, traceable, and operationalized across multiple regions and delivery models.
· Drive program discipline: agenda management, action tracking, decision logs, and escalation paths.
A low-risk-tolerance client measures security maturity by governance quality as much as by control design.
3) Physical & Operational Security Oversight (Delivery Environment Focus)
· Coordinate security practices and standards for physical environments where services are delivered (e.g., DVR / CCTV network, biometric equipment, access controls, monitoring, incident reporting, evidence handling).
· Partner with operational leaders to ensure security controls are executed consistently and staff are enabled to follow procedures under real-world conditions.
· Identify recurring operational risks and close the loop via corrective action plans, training reinforcement, and targeted site interventions.
· Support investigations tied to physical environments (as applicable), ensuring clear documentation, structured findings, and prevention-focused remediation.
In distributed and temporary environments, the biggest risk often comes from inconsistent execution, not missing policy.
4) Cybersecurity & Technology Security Coordination
· Coordinate cybersecurity topics relevant to the client engagement (e.g., monitoring/logging expectations, access management, platform security posture, evidence retention).
· Act as the “security translator” between client expectations and internal technical teams—ensuring requirements are understood, prioritized, and implemented.
· Track and manage security-impacting technology changes that could affect client confidence, and ensure security review occurs at the right time.
· Support incident response coordination for security events that include cyber components, ensuring clear communication, accurate status reporting, and post-incident corrective action follow-through.
Clients evaluate security holistically — technology controls must align with operational realities and assurance needs.
5) Risk Management, Incident Readiness & Continuous Improvement
· Maintain a client-specific risk view (risk register or equivalent), including severity, mitigations, owners, timelines, and residual risk acceptance decisions.
· Proactively identify trends across incidents, audits, and operational observations; recommend changes that reduce recurrence and strengthen deterrence.
· Support readiness for client reviews, audits, and assurance requests by ensuring evidence is available, consistent, and easily explainable.
· Build repeatable playbooks for high-frequency issues (e.g., incident communications, evidence collection, escalation triggers, corrective action tracking).
Low-tolerance clients want fewer surprises. This role reduces surprises by making risk visible and managed.
Required Qualifications
Experience & Domain Background
· 7+ years of experience in one or more of the following areas: security program management, security operations, operational risk, compliance/assurance, or client-facing security roles.
Context: This role requires enough experience to independently drive cross-functional security outcomes and to engage confidently with senior client stakeholders.
· Demonstrated experience supporting a high-stakes or low-risk-tolerance environment (regulated industry, high integrity programs, safety/security-critical services, or high-visibility client engagements).
Context: The client will expect high rigor, structured reporting, and rapid escalation when needed.
Program & Coordination Skills
· Proven ability to lead across multiple teams without direct authority, using influence, clarity, and follow-through to drive work to closure.
Context: Success depends on orchestration - pulling together physical operations, technology, cybersecurity, and assurance functions.
· Strong program management capability, including governance routines, metrics, action tracking, escalation management, and executive reporting.
Context: This is an accountability role; you will be measured on outcomes and predictability.
Security Knowledge (Balanced Physical + Cyber)
· Strong understanding of physical/operational security concepts (control execution, investigations support, procedural compliance, site risk, staff enablement).
Context: Much of the “real risk” in distributed delivery environments is operational and human-process driven.
· Working knowledge of cybersecurity fundamentals (access control concepts, logging/monitoring, incident response lifecycle, security requirements translation).
Context: You don’t need to be a hands-on technical engineer, but you must be able to coordinate cyber stakeholders and speak credibly to risk and assurance.
Communication & Client Presence
· Excellent written and verbal communication skills, including the ability to produce client-ready updates, risk summaries, and executive-level briefings.
Context: The role must convey confidence, precision, and transparency—especially during incidents.
Preferred Qualifications
· Experience in distributed global operations, multi-site delivery models, or temporary/pop-up operational environments.
· Familiarity with governance and service management frameworks (e.g., COBIT, ITIL/IT Service Management, risk frameworks, audit readiness).
· Experience supporting investigations, evidence management, or audit response coordination.
· Relevant certifications (nice to have): CISM, CRISC, PMP, ITIL Foundation (or comparable).
Key Competencies
· Ownership mindset and accountability
· Risk-based decision making and prioritization
· Stakeholder management and diplomacy under pressure
· Structured communication and executive presence
· Operational judgment and attention to detail
· Continuous improvement and resilience
What Success Looks Like (6–12 months)
· A stable governance cadence exists with clear reporting and measurable improvement.
· Reduced friction and faster security response times for client questions and events.
· Visible reduction in repeat issues through corrective actions and trend-driven improvements.
· Stronger alignment between physical/operational security and cyber/technology controls, expressed as a single coherent program.
Benefits:
Work Location: In person