Manager, Information Security

POSITION SUMMARY

We are seeking a seasoned Information Security Manager / Engineer with a proven track record in similar SME settings to spearhead our Information Security (IS) and Information Assurance (IA) program.

Reporting directly to the CIO, this role involves close collaboration with business leaders and the IT team to enhance our technical defenses, refine policies, elevate security awareness, address complex data privacy requirements, lead the documentation and testing of security controls and lastly take charge of incident response.

Vistage's IT team supports over 500 staff members and 1,000 consultants across 11 countries, and delivers extensive online services to a global community of over 45,000 members.

THE COMPANY

Vistage is the world’s largest CEO coaching and peer advisory organization for small and midsize business (SMB) leaders. We offer the most effective approach for SMB enterprises to achieve better results and grow faster and for SMB leaders to maximize their impact.

The 45,000+ members we serve are CEOs, owners and executives of SMB organizations located across the US and in 37 counties worldwide.

These SMB executives spend a day or more with Vistage every month, immersing themselves in our comprehensive platform to become better leaders, make better decisions and get better results.

Our platform features three core elements : valuable perspectives from a trusted group of peers, professional guidance and meeting facilitation from an accomplished business leader (the Chair), as well as deep insights from subject matter experts.

Vistage was founded more than 65 years ago, and we’ve grown every year since then by innovating to stay on the cutting edge of business and relentlessly delivering value to our members.

Our success is demonstrated by Vistage member companies growing 2.2 times faster than non-Vistage peer companies. Learn more about us at

VISTAGE EMPLOYEE LIFE

Vistage’s success is anchored by a unique culture that reinforces employee commitment to the Vistage mission. It is a spirit of collective success and achievement which is also reflected in our workplace.

Here’s a sample of the employee experience that helps drive our success :

Welcome to our home. Our US headquarters sits in the heart of San Diego’s UTC area. It features an open, modern aesthetic with lots of collaboration spaces and opportunities to interact with co-workers.

We stay fueled up with free snacks and a weekly free lunch day, along with free lattes and nitro cold brew coffee on tap! From our San Diego base, we collaborate with colleagues based across the country and around the world.

We sweat the details. Our on-site gym is decked out with Peloton bikes and other top-tier fitness equipment to keep your workout challenging and fresh.

On-site yoga classes, chair massages, and smoothie days also help keep us focused and healthy!

We invest in your career. Each employee has an actionable career progression plan developed through individual collaboration with their manager.

We focus on promoting from within, and employee progression plans are complemented by all-staff development days held in our state-of-the-art learning center.

Employees also have access to tons of individualized development resources and a generous tuition reimbursement program.

We invest in you. Our employee benefits program is one of the most generous you’ll find. Fully-paid healthcare is provided for employees through Anthem Blue Cross, along with access to company-subsidized dental, vision, and life insurance coverage available to employees at very low rates.

Take care of your financial future with eligibility for 401(k) matching funds after your first month as an employee. Use the free individual investment counseling we provide to help you grow the money you’ve saved.

You’ll also start with 16 days of paid time off + 12 paid holidays per year to allow you to relax and recharge; employees receive additional annual paid days off based on tenure.

We keep it fun! Whether you’re with us in the Padres luxury suite enjoying our summer baseball outing, unwinding during an employee happy hour, or toasting your co-workers at our epic annual holiday party, you’ll see that we take having fun as seriously as helping our members succeed! The office vibe is business casual with flexible schedules and the freedom to work from home three days per week in bunny slippers if that’s your thing! We value mutual respect and laughter .

we hate stiff formality. You’ll have regular access to Vistage executives our CEO even buys everyone doughnuts to fuel his informal employee chats!

Vistage’s culture and sense of mission drive employee loyalty : more than half of our staff has been with the company for five years or longer.

Are you ready to start your Vistage journey?

RESPONSIBILITIES

• Manage and operate security controls throughout the enterprise including providing oversight and verification of user and customer lifecycle and access controls
• Work with engineering, systems and product teams to manage the security implications and components of new projects
• Develop and maintain policies and plans including incident response, disaster preparedness, PCI, privacy and data protection compliance
• Prepare, deliver and verify company-wide infosec awareness training, including the specialist training of frontline and backoffice IT staff.
• Monitor key infosec platforms including endpoint antivirus, remote access, authentication, firewalls, intrusion detection conduct investigations as needed
• Operate vulnerability and risk management tools, prioritizing remediation
• Orchestrate and verify periodic controls including annual risk assessments, quarterly configuration reviews etc
• Work with vendors to select and implement new infosec technologies, services and processes. Evaluate other vendor selections and development projects for infosec risk.
• Provide updated infosec risk assessments, proposing mitigation and new initiatives to address emerging threats, platform / vendor obsolescence etc

EXPERIENCE

We are seeking an enthusiastic infosec manager with a background that includes leading an infosec program, in an SME environment.

Current or recent roles should include management of infosec, infrastructure or IT teams.

• Must have and be able to maintain current expertise is the infosec domain, and have experience with threats, risks and solutions typical for small to medium sized enterprises.
• Candidates must be confident in infosec best practices and operational risk management.
• Must be experienced with the M365 platform, including hands-on tenant level administration, security and policy configuration
• Must have sufficient domain technical experience to perform risk assessments, operate vulnerability management and other security tools, guide incident response, act on emerging threats, lead technical implementation projects and work closely with engineering and infrastructure teams.
• Have experience operating a formal security program in a similar sized business, able to work at all levels of the organization and have experience verifying and demonstrating compliance, for example for internal or external auditors.
• Be an excellent communicator and collaborator, used to working with other engineering teams, support staff, business users and executives

QUALIFICATIONS

• 3-5 years experience in an IT management role in a small or medium enterprise, with direct responsibility for information security, related risk management, operations and compliance.
• Current certifications in the infosec field, for example CISSP (preferred) or CISM
• Experience with managing enterprise grade security tools and infrastructure
• Experience developing and implementing infosec related policies, including communications, change management and related employee training.
• Experience of audit, assurance and compliance in a corporate environment, working with internal and external audit teams and authorities.

Experience with control frameworks such as CIS, NIST or derivatives, COBIT or similar preferred.

Experience administering M365 tenant and services; preferably past experience in a system administrator or system engineer role

TOTAL COMPENSATION RANGE

$140,000 - $160,000 Salary + Corporate Bonus (salary based in San Diego, CA)

JOB LOCATION

Hybrid in San Diego; 2 days onsite, 3 days offsite