Senior Security Manager IT Risk

Marlborough, MA, US
Job Category:
Systems Analysis - IT


The Senior Security Manager manages Ken’s outsourced SOC, Arctic Wolf Networks, and is the relationship owner for other outsourced/third-party relationships relating to IT security. They will ensure appropriate application of risk management methodologies, security products, and technologies to protect the company's systems and information.


  • Manages IT and company compliance issues. Produces detailed documentation including data flow diagrams, logical diagrams, and physical diagrams as required.
  • Provides identity management and access control expertise for system, network, and application designs and architectures.
  • Works across the Network, Infrastructure, and Systems Administration functions to implement controls and best practices.
  • Works as a liaison between IT and Operations Technology to ensure full and complete implementation of security controls, standards, and policies.
  • Assists IT and Operations Technology with remediation planning and implementation.
  • Establishes and tests new and existing internal controls.
  • Develops prioritized initiatives to address findings from both internal testing and the SOC.
  • Works with Development to define and adhere to secure coding practices.
  • Maintains all cybersecurity, IT Risk and Compliance, cyber insurance, and other key documents (SSAE 16, SOC 1, WISP, Disaster Recovery, et al.).
  • Assists with development of the company’s Asset Management processes and procedures.
  • Creates KPIs, metrics, dashboards, and reporting to measure the performance of the security organization.
  • Commitment to safety begins with management. Managers and frontline supervisors are accountable for creating and maintaining a culture of Safety and assuring a safe work environment.

Education and/or Experience

Bachelor's degree in information technology or equivalent plus 5+ years of related work experience with IT Risk Management, or an equivalent combination of education and work experience; good understanding of risk management principles, regulatory requirements, and industry best practices; good understanding of General IT Controls and Data Privacy Regulations; previous auditor experience a plus; good understanding of IT systems and controls, including Web systems, e-commerce, data centers, network infrastructure, patching, access controls, databases, cloud systems, etc.

Certificates, Licenses, Registrations
CISM or CISSP Certification preferred.


  • Analytical skills and the ability to organize work in a logical, thorough, and succinct manner.
  • Flexibility to adapt to changing assignments and ability to effectively prioritize.
  • Effective with written and verbal English communications at all levels, providing compliance guidance to project teams, management, and business partners.
  • Demonstrated ability to operate and innovate in a small team with a fast-paced environment, balancing both strategic and tactical needs.
  • SSAE 16
  • SOC 1
  • State and Federal Data Privacy Regulations (as applicable)
  • Cloud Security