Role Description
PartnerOne is seeking a seasoned Information Security Manager to lead, scale, and mature the organization's security function. This is a senior leadership role with a broad scope, encompassing direct team management, executive-level reporting, and full ownership of the company's security strategy and operational programs. The Information Security Manager will translate organizational risk appetite into executable programs, build and develop a high-performing security team, and serve as the definitive security authority across the business. This individual will influence product, engineering, compliance, and go-to-market decisions — ensuring security is a competitive differentiator and not just an operational requirement.
Team Leadership & Organizational Development
- Build, manage, and develop a high-functioning information security team, establishing clear roles, performance expectations, career pathways, and a culture of accountability and continuous improvement.
- Set team priorities and allocate resources across security disciplines — including vulnerability management, incident response, application security, data protection, and audit — ensuring appropriate coverage and depth.
- Mentor and develop mid-level security staff (including leads and analysts), actively investing in the professional growth of direct reports.
- Define hiring plans and lead recruiting efforts to grow team capacity in alignment with company growth and evolving threat landscapes.
- Foster a security-first culture across PartnerOne through active engagement, education, and relationship-building at all levels of the organization.
Security Strategy & Executive Reporting
- Own and drive PartnerOne's multi-year information security strategy, aligning program investments and priorities to business objectives, regulatory obligations, and risk tolerance.
- Develop and present regular security risk reports, program health updates, and strategic recommendations to senior leadership and the Board.
- Define, track, and communicate key security performance indicators and risk metrics, translating technical posture into business-relevant terms for executive audiences.
- Manage the information security budget, including headcount planning, tooling investments, and vendor relationships — ensuring strong ROI and alignment with strategic priorities.
- Serve as PartnerOne's senior internal authority on information security, advising the executive team on risk posture, material threats, and program maturity.
Vulnerability Management & Configuration Compliance
- Set the strategic direction for PartnerOne's vulnerability management and configuration compliance programs, establishing standards, accountability structures, and remediation SLAs.
- Own security posture visibility through executive-level dashboards and risk scorecards, ensuring leadership has a clear and current picture of the organization's exposure.
- Oversee structured risk treatment processes, ensuring non-compliance findings are triaged, assigned, and resolved — or formally accepted — with appropriate business context and documentation.
- Drive sustained, measurable improvement in the organization's security posture over time through governance, accountability, and cross-functional coordination.
Security Incident Response & Business Continuity
- Establish and continuously mature PartnerOne's security incident response capability, including detection, triage, escalation, containment, recovery, and post-incident review processes.
- Serve as the executive decision-maker during significant security incidents, providing authoritative leadership and clear communication to internal and external stakeholders.
- Own PartnerOne's security-related Business Continuity and Disaster Recovery planning, ensuring the organization can maintain and restore critical operations following a security event.
- Lead tabletop exercises and incident simulations to test response readiness and identify gaps before real events occur.
Application Security & Secure Development
- Oversee the Application Security program, ensuring that vulnerability scanning, code review standards, and penetration testing activities are embedded into the software development lifecycle.
- Direct internal penetration testing efforts and, where appropriate, manage relationships with external security testing partners to validate application and infrastructure security.
- Collaborate with engineering leadership to embed security requirements into architecture decisions, development standards, and release gates.
- Establish application security KPIs and hold development teams accountable for the timely resolution of identified vulnerabilities.
Client Data Protection & Privacy
- Own PartnerOne's Client Data Protection program, defining the policies, controls, and monitoring practices that govern how client data is handled across the organization.
- Ensure data handling practices across products, services, and operations are consistent with contractual commitments, regulatory requirements, and industry standards.
- Conduct and oversee regular control reviews to validate that data protection measures remain effective as the business and its threat environment evolve.
- Collaborate with legal and compliance teams to address data privacy obligations and respond to client data-related inquiries or incidents.
Customer Security Assurance & Commercial Support
- Serve as the senior security authority for client-facing security reviews, executive-level customer discussions, and high-stakes due diligence engagements.
- Oversee the team's completion of security questionnaires and assurance activities, ensuring accuracy, consistency, and timeliness across all client interactions.
- Engage directly with enterprise clients and prospects at the executive level to build confidence in PartnerOne's security posture and capabilities.
- Partner closely with sales and client success leadership to support RFP, RFI, and contract processes, ensuring security representations are accurate and competitively positioned.
Audit, Compliance & Third-Party Risk
- Lead PartnerOne's audit and compliance programs — including SSAE18 (SOC 1/SOC 2), PCI, and other applicable frameworks — from planning through report issuance.
- Build and manage relationships with external auditors and assessors, serving as the primary point of contact for all formal compliance engagements.
- Oversee the Third-Party Risk Management (TPRM) program, ensuring vendors, partners, and suppliers are assessed, monitored, and held to appropriate security standards.
- Ensure audit-readiness is a continuous organizational state, not a reactive effort — building evidence collection, control testing, and documentation into ongoing operations.
Security Governance & Policy
- Own PartnerOne's information security policy framework, including policies, standards, procedures, and exception management processes — ensuring these remain current, enforceable, and business-aligned.
- Represent Information Security on the Change Advisory Board (CAB) and other governance bodies, providing risk-based input on significant organizational and technology changes.
- Lead security architecture reviews for major strategic initiatives and platform transitions, ensuring security is designed in from the start.
- Develop and communicate PartnerOne's GenAI governance framework, enabling teams to adopt generative AI tools responsibly and securely.
Threat Intelligence & Risk Management
- Maintain an active, current understanding of the threat landscape relevant to PartnerOne's industry and technology environment, drawing on sources such as CISA, ISACs, and vendor intelligence feeds.
- Translate threat intelligence into actionable risk guidance for the business, prioritizing mitigations based on likelihood, impact, and operational context.
- Coordinate organizational responses to significant threat events or emerging vulnerabilities, ensuring timely, accurate communication and effective remediation across impacted teams.
Security Awareness & Culture
- Own PartnerOne's security awareness and training program, ensuring content is relevant, engaging, and compliant with regulatory and contractual training requirements.
- Champion a culture of security ownership across the organization — empowering employees at every level to recognize risk and act accordingly.
- Maintain active engagement with external security communities, industry groups, and peer networks to stay ahead of emerging risks and evolving best practices.
Qualifications
- 8+ years of progressive information security experience, including at least 3 years in a leadership or management capacity with direct reports.
- Demonstrated experience owning and maturing a broad security program across multiple disciplines simultaneously.
- Deep familiarity with compliance frameworks, including SOC 1/SOC 2 (SSAE18), PCI-DSS, and relevant data privacy regulations.
- Proven ability to communicate complex security risk clearly and persuasively to executive and Board-level audiences.
- Experience managing security in a SaaS, fintech, or similarly regulated technology environment preferred.
- Relevant certifications (CISSP, CISM, CRISC, or equivalent) strongly preferred.
- Track record of building and developing high-performing security teams in a fast-paced, growth-oriented environment.