Skip to content
Engineering Manager – Information Security
| Company | Gamechanger |
|---|
| Location | New York, NY, USA |
|---|
| Salary | $180000 – $210000 |
|---|
| Type | Full-Time |
|---|
| Degrees | |
|---|
| Experience Level | Senior |
|---|
Requirements
- 5+ years of experience in Information Security, including 2+ years managing or mentoring security teams.
- Experience with application and cloud security in modern SaaS environments (preferably AWS), including IAM, encryption, secrets management, and infrastructure-as-code security.
- Background in GRC frameworks and driving compliance efforts (NIST CSF 2.0, SOC 2, etc.) from assessment to remediation.
- Hands-on familiarity with security tools and practices such as vulnerability scanning, SIEM, DLP, and endpoint detection (EDR).
- Collaboration with software engineers, product managers, and infrastructure teams to embed security in the development lifecycle.
- Strength in framing technical risks for executives just as easily as you can dive deep with engineers.
- Balance pragmatism with security best practices and know how to earn buy-in and move security forward without slowing the business down.
Responsibilities
- Lead and mentor the Information Security team, setting clear priorities, fostering autonomy, and supporting career development.
- Own and evolve the information security backlog. Identify, assess, and prioritize risks, propose and implement mitigations, and communicate decisions across stakeholders.
- Drive initiatives in incident response, vulnerability management, and security automation, while enabling secure product development through close collaboration with Engineering.
- Lead compliance initiatives, including internal assessments (NIST CSF 2.0), external audits, and third-party vendor reviews.
- Partner with Engineering to review system and architecture designs, code changes, and deployment processes embedding security into the SDLC.
- Champion a culture of security-first thinking through cross-functional collaboration, internal training, and running a company-wide security steering committee.
- Participate in the team’s on-call rotation for triaging alerts and responding to security incidents.
- Translate technical risks into business terms and actionable outcomes.
Preferred Qualifications
No preferred qualifications provided.
