Information Security Manager at Magnetic Technologies Corporation
Rochester, New York, United States - Full Time


Start Date

Immediate

Expiry Date

17 Jan, 26

Salary

0.0

Posted On

19 Oct, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Information Security, Compliance, Risk Management, Incident Response, Disaster Recovery, Business Continuity, Security Operations, Governance, Security Architecture, Vendor Management, Security Awareness, Team Development, Stakeholder Management, Threat Hunting, Data Protection, Physical Security

Industry

mining

Description
About Arnold Magnetic Technologies

Arnold Magnetic Technologies is a global leader in the engineering and manufacturing of high-performance permanent magnets, magnetic assemblies, precision thin metals, and engineered materials. With more than 125 years of innovation, Arnold serves a wide range of industries, including aerospace, defense, medical, energy, and automotive. The company partners with customers worldwide to deliver mission-critical solutions that enable advanced technologies and drive progress.

Position Summary

The Information Security Manager will build, lead, and mature Arnold’s enterprise-wide security and compliance program across all systems, environments, data, and locations. This is a hands-on leadership role responsible for developing strategy, managing day-to-day security operations, leading compliance initiatives, and ensuring readiness for multiple audits per year. This position reports directly to the CIO and is a player–coach role with two direct reports, requiring both hands-on execution and leadership.

This role owns the full security lifecycle, including governance, risk, compliance, security operations, incident response, disaster recovery, business continuity, data protection, identity and access, physical security systems integration, and security architecture. The ideal candidate balances strategic vision with practical execution and can communicate risk and requirements to both technical and executive stakeholders.

Key Responsibilities

Security Leadership & Strategy
* Own and lead the information security program roadmap, budget, staffing, and maturity.
* Develop, publish, and maintain security policies, standards, procedures, and guidelines.
* Establish security metrics and present regular updates on risk, compliance, and program status to leadership.
* Lead cross-functional security initiatives across departments and business units.
* Foster a culture of security awareness and accountability throughout the organization.

Governance, Risk & Compliance
* Pursue and lead certification of CMMC, ISO 27001, and Cyber Essentials+.
* Implement and maintain ongoing compliance with SOX ITGC, NIST 800-171r2, and DFARS 252.204-7012 requirements, including SSPs, POA&Ms, and SPRS scoring.
* Oversee adherence to ITAR/EAR for export-controlled data and technology.
* Ensure compliance with GDPR, Swiss FADP, and other privacy regulations, including data subject rights, DPIAs, and breach notification processes.
* Coordinate and lead multiple audits per year (parent company, certification bodies, customers, and external third parties).
* Manage remediation plans and track progress with stakeholders.

Security Operations
* Oversee and mature core security technologies and controls (e.g., SIEM, EDR/XDR, email security, MDM, DLP, secure DNS, vulnerability management, identity protection).
* Oversee vulnerability management, remediation SLAs, and executive-level reporting.
* Coordinate with infrastructure, networking, and applications teams to ensure secure architecture and segmentation.
* Ensure centralized logging and monitoring across all environments.
* Ensure timely monitoring and investigation of security alerts, coordinating response efforts and performing hands-on analysis for high-severity incidents as needed.
* Drive proactive threat hunting activities, leveraging internal resources or external partners.
* Maintain log retention, integrity, and accessibility for investigations and compliance.

Incident Response, DRP, and BCP
* Develop, maintain, and lead the Incident Response (IR) program, including runbooks, detection, escalation, and forensics coordination; act as incident commander during significant events.
* Conduct post-incident reviews and drive continuous improvement.
* Own and coordinate disaster recovery (DRP) and business continuity (BCP) strategies, documentation, and testing in collaboration with IT and business owners.
* Lead tabletop exercises for incident preparation.

Security Architecture & Project Consulting
* Define and approve security requirements for new systems, applications, and integrations, ensuring we implement secure designs.
* Conduct threat modeling and provide design guidance to reduce risk.
* Embed security checkpoints into project and change management processes.
* Ensure secure configurations across cloud, on-premise, and hybrid environments by establishing standards, guiding implementation, and validating control effectiveness.
* Implement and enforce encryption, retention, and secure data handling practices.
* Establish, maintain, and enforce secure configuration baselines.

Physical Security Integration
* Oversee the management and implementation of physical security technologies (badge systems, access control, cameras) in coordination with facilities teams.
* Coordinate incident response efforts involving both cyber and physical security events.

Vendor and Third-Party Risk Management
* Evaluate the security posture of third-party vendors and service providers.
* Lead security due diligence, contract/security reviews, and ongoing risk assessments.
* Ensure vendor contracts include required security, confidentiality, audit, and compliance clauses and drive remediation when gaps are found.
* Define, monitor, and enforce SLAs, KPIs, and escalation paths with MSSPs and third-party service providers to ensure quality of security service delivery.
* Ensure vendors have incident response processes, notify us of security events, and participate in joint investigations as required.
* Define and enforce security requirements for third-party access to systems.
* Maintain shared responsibility matrices to clearly define internal vs. cloud provider security duties, ensuring we implement and monitor required controls to remain compliant on third-party systems.

Training & Culture
* Develop and deliver enterprise-wide security awareness programs.
* Implement targeted role-based training for high-risk business functions.
* Conduct phishing simulations and measure program effectiveness.
* Ensure technical staff (e.g., system administrators, desktop support, developers) receive training on secure configuration, change management, and security responsibilities aligned to their operational roles.

Leadership & Team Development
* Lead, mentor, and develop the security team, providing direction, coaching, and performance feedback while fostering growth and accountability.
* Define roles, responsibilities, performance metrics, and career development paths.
* Promote collaboration, accountability, and continuous learning.

Qualifications

REQUIRED
* Bachelor’s degree in Information Security, Computer Science, Information Systems, Engineering, or a related field.
* Must hold at least one advanced security certification such as CISSP, CISM, CISA, CASP+/SecurityX, CRISC, ISO 27001 Lead Implementer/Auditor, or CMMC Certified Professional (CCP).
* 5+ years of relevant leadership and security experience, including ownership of security operations and compliance programs.
* Familiarity with CMMC, ISO 27001, and Cyber Essentials+ or similar certification processes.
* Hands-on experience with SIEM, EDR/XDR, vulnerability management, identity/MFA, network/cloud security, and data protection.
* Proven incident response leadership and disaster recovery/business continuity experience.
* Strong stakeholder management and ability to communicate security risk in business terms.
* Experience leading or preparing for audits with internal and external auditors.
* U.S. Citizenship required due to ITAR/EAR and handling of controlled data.

PREFERRED
* Demonstrated experience working with NIST 800-171r2 and SOX/ITGC.
* Additional professional certifications.
* Master’s degree in a relevant discipline.

Working Conditions:
* Monday–Friday, 8AM-5PM, with the expectation of availability to address urgent alerts or issues outside regular business hours due to global operations (including nights, weekends, or holidays as needed).
* Primarily office-based role with extended periods of computer use and meetings.
* Some travel required for periodic visits to other sites, vendor offices, or industry events.
* May occasionally require entering manufacturing areas where personal protective equipment (PPE), including safety shoes and eye protection, must be worn in compliance with company safety policies. Hearing protection is available if desired.
* The employee may occasionally be required to lift and/or move up to 50 pounds.

#ROC

Arnold Magnetic Technologies is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law.
Responsibilities
The Information Security Manager will lead Arnold's enterprise-wide security and compliance program, overseeing security operations and compliance initiatives. This role includes managing the full security lifecycle, incident response, and fostering a culture of security awareness within the organization.