[Hiring] Senior Manager, Information Security @ST Engineering iDirect
All Others
Salary: unspecified
Remote location: 🇺🇸 USA Only
Employment type: full-time
Posted: 1wk ago

1wk ago - ST Engineering iDirect is hiring a remote Senior Manager, Information Security. 💸 Salary: unspecified 📍Location: USA

Role Description

The Senior Manager, Information Security is a key leadership role responsible for overseeing the day‑to‑day execution of the company’s information security program while ensuring readiness for evolving global cybersecurity regulations, including the EU Cyber Resilience Act. Reporting to the Vice President, Technology and Information Security, this role provides hands‑on leadership across security operations, governance, and product security. The position serves as the operational owner for information security execution and as the central coordinator for translating regulatory, security, and product requirements into consistent, scalable outcomes across IT, engineering, and product organizations.

Responsibilities

  • Lead day‑to‑day execution of the enterprise information security program in alignment with company strategy and risk posture.
  • Oversee security operations including monitoring, vulnerability management, incident response, root‑cause analysis, and remediation tracking.
  • Manage implementation and continuous improvement of the ISO 27001‑based Information Security Management System (ISMS).
  • Ensure ongoing compliance with applicable regulatory requirements, industry standards, and customer security expectations, including emerging product security regulations such as the Cyber Resilience Act.
  • Coordinate preparation for internal and external audits, regulatory reviews, certifications, and customer security assessments.
  • Lead investigation and response activities for security incidents, vulnerabilities, and control failures, including follow‑up remediation actions.
  • Maintain and evolve IT and product security policies, standards, procedures, and technical baselines.
  • Drive security awareness initiatives and promote a culture of secure‑by‑design and shared responsibility across the organization.
  • Serve as the operational owner for Cyber Resilience Act readiness, interpretation, and implementation across products, platforms, and services.
  • Coordinate adoption of CRA‑aligned requirements including secure development lifecycle controls, product risk assessment, threat modeling, vulnerability handling, and coordinated disclosure processes.
  • Partner with engineering and product teams to ensure security and resilience requirements are embedded throughout the full product lifecycle, from design through end‑of‑life.
  • Ensure product security documentation, evidence, and technical controls support regulatory conformity assessments and audits.
  • Track and manage security vulnerabilities impacting products, including prioritization, remediation tracking, customer communication, and regulatory reporting as required.
  • Act as a primary liaison with Legal, Compliance, Engineering, and Product leadership on CRA‑related and product security regulatory matters.
  • Monitor evolving global product security regulations and standards, assessing impact and recommending proactive controls or design changes.
  • Own and define security requirements across the company’s portfolio of products, software, platforms, and managed services.
  • Act as the primary security stakeholder and internal customer proxy for security‑related product initiatives and roadmaps.
  • Lead cross‑functional security councils involving product management, engineering, services, legal, compliance, and operations.
  • Evaluate and prioritize security features, enhancements, and remediation efforts based on regulatory impact, risk exposure, and customer needs.
  • Develop security‑related business cases, including scope definition, impact analysis, and risk mitigation value.
  • Partner with Product Owners and Engineering teams to translate security and regulatory requirements into epics, user stories, and acceptance criteria.
  • Ensure delivery of completed security capabilities, including validation, documentation, testing, and operational readiness.
  • Maintain subject‑matter expertise in product security standards, vulnerability management practices, and security maturity models.
  • Directly manage the Information Security Manager and assigned security staff.
  • Provide coaching, mentorship, and performance management aligned with evolving security and regulatory demands.
  • Coordinate cross‑functional execution of security initiatives across IT, engineering, and product organizations.
  • Escalate risks, compliance gaps, and resource constraints to the Vice President, Technology and Information Security.
  • Support workforce planning, capability development, and scaling of operational and product security functions.

Qualifications

  • Bachelor’s degree in Computer Science, Engineering, Information Systems, Cybersecurity, or a related field; advanced degree preferred.
  • Seven or more years of experience in information security, cybersecurity, IT risk, or product security roles.
  • Hands‑on experience with security governance frameworks and compliance programs such as ISO 27001, NIST, SOC, and emerging product security regulations.
  • Demonstrated experience working closely with engineering and product teams on secure development lifecycle and vulnerability management.
  • Familiarity with product security regulations including the Cyber Resilience Act or equivalent global frameworks.
  • Strong analytical, organizational, and communication skills, with the ability to translate regulatory requirements into actionable controls.
  • Proven ability to manage multiple initiatives, influence cross‑functional stakeholders, and drive execution in a global environment.