Sr. IT Cybersecurity & Compliance Manager

Summary / Position Purpose:

We are seeking a strategic and hands-on IT Cybersecurity and Compliance Manager to lead our organization’s cybersecurity and compliance initiatives. This role is responsible for developing, implementing, and maintaining policies and programs that safeguard our digital assets, ensure regulatory compliance, and promote a culture of security awareness across the enterprise.

Essential Duties, Functions and/or Responsibilities:

• Develop, implement, and maintain the company’s cybersecurity strategy, policies, and procedures in alignment with industry standards (e.g., NIST, ISO 27001, CIS, SOX). Own and maintain the IT Security Policy, Disaster Recovery Plan, and Incident Response protocols in accordance with internal standards and audit readiness requirements.
• Lead internal and external audits, risk assessments, and vulnerability scans to evaluate the effectiveness of security controls and compliance posture.
• Oversee incident response planning and execution, including root cause analysis, remediation, and reporting.
• Partner closely with the IT Operations and Infrastructure team to secure onboarding/offboarding processing, endpoint protection and remediation, network and device segregation and compliance workflows.
• Collaborate with IT, HR, Legal, and other departments to ensure compliance with data privacy laws (e.g., GDPR, CCPA) and internal policies.
• Manage security awareness training programs and phishing simulations to promote a security-first culture.
• Monitor and report on key security metrics and compliance KPIs to executive leadership.
• Evaluate and recommend security tools, technologies, and services to enhance the organization’s security posture.
  • Kaseya 365 Endpoint and User for endpoint management and user access control. (EDR/AV/Patch Management)
  • vPenTest for automated penetration testing and vulnerability validation.
  • Compliance Manager for policy tracking, audit readiness, and regulatory mapping
  • Vulscan for continuous vulnerability scanning and remediation tracking.
  • CATO Networks for secure SD-WAN and cloud-native network security, including SASE architecture and Zero Trust Network Access (ZTNA).
• Serve as the primary point of contact for regulatory bodies, auditors, and third-party security assessments.
• Indirectly and directly responsible for product quality.
• Other duties as assigned.

Education and/or Work Experience Requirements:

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field; Master’s preferred.
• 7+ years of experience in IT security, with at least 3 years in a leadership or compliance-focused role.
• Professional certifications such as CISSP, CISM, CISA, or CRISC strongly preferred.
• Deep understanding of cybersecurity frameworks, risk management, and regulatory compliance.
• Experience with SIEM, IAM, DLP, endpoint protection, and cloud security tools.
• Strong communication and leadership skills with the ability to influence across departments.
• Experience managing compliance in hybrid cloud environments (e.g., Azure, M365).
• Demonstrated ability to lead cross-functional teams and manage complex projects.
• Strong problem-solving and analytical skills.
• Excellent communication skills to collaborate with leadership, business units and other IT teams and to provide technical support. 
• Some after-hours work may be necessary as projects or workloads dictate. This may include weekday evenings, weekends and/or holidays.
• Some travel to organization offices or facilities may be required.

Physical Requirements:

• Ability to safely and successfully perform the essential job functions consistent with the ADA, FMLA and other federal, state and local standards, including meeting qualitative and/or quantitative productivity standards
• Ability to maintain regular, punctual attendance consistent with the ADA, FMLA and other federal, state, and local standards

This position requires applicants to be authorized to work in the US without sponsorship; TestEquity does not sponsor applicants for work visas. 

TestEquity provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.