Information Security Manager

Position Overview

PartnerOne is seeking a seasoned Information Security Manager to lead, scale, and mature the organization's security function. This is a senior leadership role with a broad scope, encompassing direct team management, executive-level reporting, and full ownership of the company's security strategy and operational programs. The Information Security Manager will translate organizational risk appetite into executable programs, build and develop a high-performing security team, and serve as the definitive security authority across the business. This individual will influence product, engineering, compliance, and go-to-market decisions — ensuring security is a competitive differentiator and not just an operational requirement.

Why This Role Exists

As PartnerOne grows its client base and expands its product portfolio, the complexity and stakes of its security obligations have grown in tandem. This role was created to provide executive-caliber security leadership — someone who can own the full security roadmap, build organizational capability, and represent security at the highest levels of the business, including to clients, auditors, regulators, and the Board.

Team Leadership & Organizational Development

• Build, manage, and develop a high-functioning information security team, establishing clear roles, performance expectations, career pathways, and a culture of accountability and continuous improvement.

• Set team priorities and allocate resources across security disciplines — including vulnerability management, incident response, application security, data protection, and audit — ensuring appropriate coverage and depth.

• Mentor and develop mid-level security staff (including leads and analysts), actively investing in the professional growth of direct reports.

• Define hiring plans and lead recruiting efforts to grow team capacity in alignment with company growth and evolving threat landscapes.

• Foster a security-first culture across PartnerOne through active engagement, education, and relationship-building at all levels of the organization.

Security Strategy & Executive Reporting

• Own and drive PartnerOne's multi-year information security strategy, aligning program investments and priorities to business objectives, regulatory obligations, and risk tolerance.

• Develop and present regular security risk reports, program health updates, and strategic recommendations to senior leadership and the Board.

• Define, track, and communicate key security performance indicators and risk metrics, translating technical posture into business-relevant terms for executive audiences.

• Manage the information security budget, including headcount planning, tooling investments, and vendor relationships — ensuring strong ROI and alignment with strategic priorities.

• Serve as PartnerOne's senior internal authority on information security, advising the executive team on risk posture, material threats, and program maturity.

Vulnerability Management & Configuration Compliance

• Set the strategic direction for PartnerOne's vulnerability management and configuration compliance programs, establishing standards, accountability structures, and remediation SLAs.

• Own security posture visibility through executive-level dashboards and risk scorecards, ensuring leadership has a clear and current picture of the organization's exposure.

• Oversee structured risk treatment processes, ensuring non-compliance findings are triaged, assigned, and resolved — or formally accepted — with appropriate business context and documentation.

• Drive sustained, measurable improvement in the organization's security posture over time through governance, accountability, and cross-functional coordination.

Security Incident Response & Business Continuity

• Establish and continuously mature PartnerOne's security incident response capability, including detection, triage, escalation, containment, recovery, and post-incident review processes.

• Serve as the executive decision-maker during significant security incidents, providing authoritative leadership and clear communication to internal and external stakeholders.

• Own PartnerOne's security-related Business Continuity and Disaster Recovery planning, ensuring the organization can maintain and restore critical operations following a security event.

• Lead tabletop exercises and incident simulations to test response readiness and identify gaps before real events occur.

Application Security & Secure Development

• Oversee the Application Security program, ensuring that vulnerability scanning, code review standards, and penetration testing activities are embedded into the software development lifecycle.

• Direct internal penetration testing efforts and, where appropriate, manage relationships with external security testing partners to validate application and infrastructure security.

• Collaborate with engineering leadership to embed security requirements into architecture decisions, development standards, and release gates.

• Establish application security KPIs and hold development teams accountable for the timely resolution of identified vulnerabilities.

Client Data Protection & Privacy

• Own PartnerOne's Client Data Protection program, defining the policies, controls, and monitoring practices that govern how client data is handled across the organization.

• Ensure data handling practices across products, services, and operations are consistent with contractual commitments, regulatory requirements, and industry standards.

• Conduct and oversee regular control reviews to validate data protection measures remain effective as the business and its threat environment evolve.

• Collaborate with legal and compliance teams to address data privacy obligations and respond to client data-related inquiries or incidents.

Customer Security Assurance & Commercial Support

• Serve as the senior security authority for client-facing security reviews, executive-level customer discussions, and high-stakes due diligence engagements.

• Oversee the team's completion of security questionnaires and assurance activities, ensuring accuracy, consistency, and timeliness across all client interactions.

• Engage directly with enterprise clients and prospects at the executive level to build confidence in PartnerOne's security posture and capabilities.

• Partner closely with sales and client success leadership to support RFP, RFI, and contract processes, ensuring security representations are accurate and competitively positioned.

Audit, Compliance & Third-Party Risk

• Lead PartnerOne's audit and compliance programs — including SSAE18 (SOC 1/SOC 2), PCI, and other applicable frameworks — from planning through report issuance.

• Build and manage relationships with external auditors and assessors, serving as the primary point of contact for all formal compliance engagements.

• Oversee the Third-Party Risk Management (TPRM) program, ensuring vendors, partners, and suppliers are assessed, monitored, and held to appropriate security standards.

• Ensure audit-readiness is a continuous organizational state, not a reactive effort — building evidence collection, control testing, and documentation into ongoing operations.

Security Governance & Policy

• Own PartnerOne's information security policy framework, including policies, standards, procedures, and exception management processes — ensuring these remain current, enforceable, and business-aligned.

• Represent Information Security on the Change Advisory Board (CAB) and other governance bodies, providing risk-based input on significant organizational and technology changes.

• Lead security architecture reviews for major strategic initiatives and platform transitions, ensuring security is designed in from the start.

• Develop and communicate PartnerOne's GenAI governance framework, enabling teams to adopt generative AI tools responsibly and securely.

Threat Intelligence & Risk Management

• Maintain an active, current understanding of the threat landscape relevant to PartnerOne's industry and technology environment, drawing on sources such as CISA, ISACs, and vendor intelligence feeds.

• Translate threat intelligence into actionable risk guidance for the business, prioritizing mitigations based on likelihood, impact, and operational context.

• Coordinate organizational responses to significant threat events or emerging vulnerabilities, ensuring timely, accurate communication and effective remediation across impacted teams.

Security Awareness & Culture

• Own PartnerOne's security awareness and training program, ensuring content is relevant, engaging, and compliant with regulatory and contractual training requirements.

• Champion a culture of security ownership across the organization — empowering employees at every level to recognize risk and act accordingly.

• Maintain active engagement with external security communities, industry groups, and peer networks to stay ahead of emerging risks and evolving best practices.