Information Security Manager
About the role
Position Overview

PartnerOne is seeking a seasoned Information Security Manager to lead, scale, and mature the organization's security function. This is a senior leadership role with a broad scope, encompassing direct team management, executive-level reporting, and full ownership of the company's security strategy and operational programs. The Information Security Manager will translate organizational risk appetite into executable programs, build and develop a high-performing security team, and serve as the definitive security authority across the business. This individual will influence product, engineering, compliance, and go-to-market decisions - ensuring security is a competitive differentiator and not just an operational requirement.

Why This Role Exists

As PartnerOne grows its client base and expands its product portfolio, the complexity and stakes of its security obligations have grown in tandem. This role was created to provide executive-caliber security leadership - someone who can own the full security roadmap, build organizational capability, and represent security at the highest levels of the business, including to clients, auditors, regulators, and the Board.

Team Leadership & Organizational Development

- Build, manage, and develop a high-functioning information security team, establishing clear roles, performance expectations, career pathways, and a culture of accountability and continuous improvement.
- Set team priorities and allocate resources across security disciplines - including vulnerability management, incident response, application security, data protection, and audit - ensuring appropriate coverage and depth.
- Mentor and develop mid-level security staff (including leads and analysts), actively investing in the professional growth of direct reports.
- Define hiring plans and lead recruiting efforts to grow team capacity in alignment with company growth and evolving threat landscapes.
- Foster a security-first culture across PartnerOne through active engagement, education, and relationship-building at all levels of the organization.

Security Strategy & Executive Reporting

- Own and drive PartnerOne's multi-year information security strategy, aligning program investments and priorities to business objectives, regulatory obligations, and risk tolerance.
- Develop and present regular security risk reports, program health updates, and strategic recommendations to senior leadership and the Board.
- Define, track, and communicate key security performance indicators and risk metrics, translating technical posture into business-relevant terms for executive audiences.
- Manage the information security budget, including headcount planning, tooling investments, and vendor relationships - ensuring strong ROI and alignment with strategic priorities.
- Serve as PartnerOne's senior internal authority on information security, advising the executive team on risk posture, material threats, and program maturity.

Vulnerability Management & Configuration Compliance

- Set the strategic direction for PartnerOne's vulnerability management and configuration compliance programs, establishing standards, accountability structures, and remediation SLAs.
- Own security posture visibility through executive-level dashboards and risk scorecards, ensuring leadership has a clear and current picture of the organization's exposure.
- Oversee structured risk treatment processes, ensuring non-compliance findings are triaged, assigned, and resolved - or formally accepted - with appropriate business context and documentation.
- Drive sustained, measurable improvement in the organization's security posture over time through governance, accountability, and cross-functional coordination.

Security Incident Response & Business Continuity

- Establish and continuously mature PartnerOne's security incident response capability, including detection, triage, escalation, containment, recovery, and post-incident review processes.
- Serve as the executive decision-maker during significant security incidents, providing authoritative leadership and clear communication to internal and external stakeholders.
- Own PartnerOne's security-related Business Continuity and Disaster Recovery planning, ensuring the organization can maintain and restore critical operations following a security event.
- Lead tabletop exercises and incident simulations to test response readiness and identify gaps before real events occur.

Application Security & Secure Development

- Oversee the Application Security program, ensuring that vulnerability scanning, code review standards, and penetration testing activities are embedded into the software development lifecycle.
- Direct internal penetration testing efforts and, where appropriate, manage relationships with external security testing partners to validate application and infrastructure security.
- Collaborate with engineering leadership to embed security requirements into architecture decisions, development standa