Senior IT Security Manager I in San Diego, California at Goformz
Explore Related Opportunities
Job Description
We are looking for a hands-on Senior IT Security Manager to own our cybersecurity posture while providing tactical IT operations support. This is a senior individual contributor role with potential team leadership responsibilities as the organization grows. The right candidate thrives in a small-team environment, is comfortable wearing multiple hats, and brings deep security expertise alongside solid IT fundamentals.
Approximately 75% of this role is focused on cybersecurity — strategy, implementation, monitoring, and compliance. The remaining 25% covers core IT support and systems administration to keep the organization running smoothly.
Key Responsibilities
Cybersecurity (75%)
Security Program Ownership
- Own and continuously mature the organization's information security program, policies, and roadmap
- Develop, implement, and enforce security policies, standards, and procedures aligned with industry frameworks (NIST CSF, ISO 27001, CIS Controls, or equivalent)
- Conduct regular risk assessments and maintain a risk register; prioritize remediation based on business impact
Threat Detection & Incident Response
- Monitor, triage, and respond to security events and alerts across endpoints, network, cloud, and SaaS environments
- Own the incident response plan; lead investigation, containment, and post-incident review for security events
- Manage vulnerability scanning programs and drive timely remediation with internal stakeholders
Security Architecture & Engineering
- Evaluate, deploy, and manage security tooling (EDR, SIEM, MFA/SSO, email security, DLP, firewall, VPN, etc.)
- Provide security guidance on cloud infrastructure (Azure/GCP), SaaS adoption, and new technology onboarding
- Oversee identity and access management (IAM) including provisioning, deprovisioning, and least-privilege enforcement
Compliance & Third-Party Risk
- Lead and support compliance efforts for applicable frameworks or regulations (SOC 2, HIPAA, PCI-DSS, CMMC, GDPR, etc.)
- Manage the vendor security review process and maintain third-party risk inventory
- Coordinate with external auditors, penetration testers, and security consultants
Security Awareness
- Develop and run the organization's security awareness training program
- Conduct phishing simulations and track outcomes; deliver targeted education where needed
- Act as a security advocate internally — advising leadership and employees on security best practices
- Serve as escalation point for complex IT support issues across hardware, software, and connectivity
- Administer core systems: Microsoft 365 / Google Workspace, Active Directory / Entra ID, MDM (Intune, Jamf, or similar)
- Manage software vendor relationships
- Manage user lifecycle (onboarding/offboarding), device provisioning, and access reviews
- Maintain IT asset inventory and ensure systems remain patched and up to date
- Support network infrastructure including firewalls, switches, and wireless access points
- Document IT processes, runbooks, and system configurations
Requirements: Qualifications
Required
- 7+ years of progressive IT and cybersecurity experience, with at least 3 years in a senior or lead security role
- Demonstrated experience managing security programs end-to-end in a resource-constrained environment
- Hands-on experience with security tools: EDR, SIEM, vulnerability scanners, email security gateways, payment fraud systems, and identity platforms
- Working knowledge of one or more compliance frameworks (SOC 2, NIST, ISO 27001, etc.)
- Strong incident response skills — you've handled real events, not just tabletops
- Prior involvement in security audits, penetration tests, or regulatory reviews
- Experience administering Microsoft 365 or Google Workspace and cloud environments (AWS, Azure, or GCP)
- Experience managing security and compliance planforms, such as Drata
- Excellent written and verbal communication; able to present risk to non-technical leadership clearly
Preferred
- Relevant certifications: CISSP, CISM, Security+, CEH, GCIA, GCIH, or equivalent
- Experience at a company with 50–500 employees; comfortable being the primary security resource
- Familiarity with zero trust architecture principles
- Experience managing or mentoring junior IT/security staffPhysical Requirements:
- Prolonged periods of sitting at a desk and working on a computer.
- Must be able to lift up to 25 pounds at times.