A
Posted 10 hours ago
Manager — Information Security and Compliance
apexanalytix
Requirements
8+ years in info security and risk, People management experience, Azure security expertise, Kubernetes and container security, Vulnerability management (Tenable), Compliance knowledge (SOC 2, GDPR, HIPAA), Bachelor's degree in CS or InfoSec, CISSP, CISM, or CISA certification
Skills
AzureKubernetesComplianceDevSecOps
About the role
Responsibilities
- Lead the information security and IT risk program, reporting posture and KPIs to senior leadership
- Own Azure security including Defender for Cloud, Entra ID, PIM, and Key Vault
- Drive Microsoft 365 Defender suite, Microsoft Purview, and Microsoft Sentinel
- Manage Kubernetes and container security, including admission control and runtime protection
- Oversee DevSecOps, SBOM programs, and supply-chain controls
- Manage vulnerability management via Tenable and web application security testing via Burp Suite
- Run SOC 1 / SOC 2 Type II programs and manage external audits
- Lead US and European regulatory compliance including GDPR, HIPAA, CCPA, and NIS2
- Manage the annual security budget, vendor negotiations, and capability roadmaps
- Lead incident response and manage breach-notification timelines
- Coach and grow a team of security and compliance analysts
Requirements
- 8+ years in information security, risk, and IT with people-management experience
- Deep hands-on experience with Azure security and Microsoft 365 Defender/Purview
- Practical Kubernetes, container security, and DevSecOps experience
- Hands-on experience with Tenable and Burp Suite Professional
- Experience with SBOM and supply-chain security (SPDX, CycloneDX, SLSA)
- Proven track record leading SOC 1 / SOC 2 Type II and ISO 27001 cycles
- Working knowledge of US and EU/UK regulatory frameworks
- Solid grounding in NIST CSF 2.0, NIST 800-53, and CIS v8
- Experience managing security budgets and vendor negotiations
- Bachelor's degree in CS, InfoSec, or related field, plus CISSP, CISM, or CISA
Preferred Qualifications
- Experience with Cisco Umbrella DNS-layer security
- FedRAMP, StateRAMP, or HITRUST CSF program experience
- Certifications such as AZ-500, SC-100, CCSP, or ISO 27001 Lead Auditor
- Familiarity with AI/ML governance frameworks
- Exposure to fintech or procure-to-pay environments
About the Company
At apexanalytix, we’re lifelong innovators! Since our founding nearly four decades ago, we’ve been consistently growing, profitable, and delivering the best procure-to-pay solutions to the world.
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freeManager — Information Security and Compliance
apexanalytix · Noida
