Information Security MangerMagnetic Technologies Corporation • Rochester, NY, US
Information Security Manger
Magnetic Technologies Corporation • Rochester, NY, US
10 days ago
Job type
- Permanent
Job descriptionPursue and lead certification of CMMC, ISO 27001, and Cyber Essentials+ . Implement and maintain ongoing compliance with SOX ITGC , NIST 800-171r2 , and DFARS 252.204-7012 requirements, including SSPs, POA&Ms, and SPRS scoring. Oversee adherence to ITAR / EAR for export-controlled data and technology. Ensure compliance with GDPR, Swiss FADP, and other privacy regulations , including data subject rights, DPIAs, and breach notification processes. Coordinate and lead multiple audits per year (parent company, certification bodies, customers, and external third parties). Manage remediation plans and track progress with stakeholders. Oversee and mature core security technologies and controls (e.g., SIEM, EDR / XDR, email security, MDM, DLP, secure DNS, vulnerability management, identity protection). Oversee vulnerability management, remediation SLAs, and executive-level reporting. Coordinate with infrastructure, networking, and applications teams to ensure secure architecture and segmentation. Ensure centralized logging and monitoring across all environments. Ensure timely monitoring and investigation of security alerts, coordinating response efforts, and performing hands-on analysis for high-severity incidents as needed. Drive proactive threat hunting activities, leveraging internal resources or external partners. Maintain log retention, integrity, and accessibility for investigations and compliance. Develop, maintain, and lead the Incident Response (IR) program, including runbooks, detection, escalation, and forensics coordination; act as incident commander during significant events. Conduct post-incident reviews and drive continuous improvement. Own and coordinate disaster recovery (DRP) and business continuity (BCP) strategies, documentation, and testing in collaboration with IT and business owners. Lead tabletop exercises for incident preparation. Define and approve security requirements for new systems, applications, and integrations, ensuring we implement secure designs. Conduct threat modeling and provide design guidance to reduce risk. Embed security checkpoints into project and change management processes. Ensure secure configurations across cloud, on-premise, and hybrid environments by establishing standards, guiding implementation, and validating control effectiveness. Implement and enforce encryption, retention, and secure data handling practices. Establish, maintain, and enforce secure configuration baselines. Oversee the management and implementation of physical security technologies (badge systems, access control, cameras) in coordination with facilities teams. Coordinate incident response efforts involving both cyber and physical security events. Evaluate the security posture of third-party vendors and service providers. Lead security due diligence, contract / security reviews, and ongoing risk assessments. Ensure vendor contracts include required security, confidentiality, audit, and compliance clauses and drive remediation when gaps are found. Define, monitor, and enforce SLAs, KPIs, and escalation paths with MSSPs and third-party service providers to ensure quality of security service delivery. Ensure vendors have incident response processes, notify us of security events, and participate in joint investigations as required. Define and enforce security requirements for third-party access to systems. Maintain shared responsibility matrices to clearly define internal vs. cloud provider security duties, ensuring we implement and monitor required controls to remain compliant on third‐party systems. Develop and deliver enterprise-wide security awareness programs. Implement targeted role-based training for high-risk business functions. Conduct phishing simulations and measure program effectiveness. Ensure technical staff (e.g., system administrators, desktop support, developers) receive training on secure configuration, change management, and security responsibilities aligned to their operational roles. Lead, mentor, and develop the security team, providing direction, coaching, and performance feedback while fostering growth and accountability. Define roles, responsibilities, performance metrics, and career development paths. Promote collaboration, accountability, and continuous learning. Bachelor’s degree in Information Security, Computer Science, Information Systems, Engineering, or related field. Must hold at least one advanced security certification such as CISSP, CISM, CISA, CASP+ / SecurityX, CRISC, ISO 27001 Lead Implementer / Auditor, or CMMC Certified Professional (CCP) 5+ years of relevant leadership and security experience, including ownership of security operations and compliance programs. Familiarity with CMMC, ISO 27001, and Cyber Essentials+ or similar certification processes. Hands-on experience with SIEM, EDR / XDR, vulnerability management, identity / MFA, network / cloud security, and data protection. Proven incident response leadership and disaster recovery / business continuity experience. Strong stakeholder management and ability to communicate security risk in business terms. Experience leading or preparing for audits with internal and external auditors. U.S. Citizenship required due to ITAR / EAR and handling of controlled data. Demonstrated experience working with NIST 800-171r2 and SOX / ITGC. Additional professional certifications. Master’s degree in a relevant discipline. Monday–Friday, 8AM-5PM, with the expectation of availability to address urgent alerts or issues outside regular business hours due to global operations (including nights, weekends, or holidays as needed). Primarily office-based role with extended periods of computer use and meetings. Some travel required for periodic visits to other sites, vendor offices, or industry events. May occasionally require entering manufacturing areas where personal protective equipment (PPE), including safety shoes and eye protection, must be worn in compliance with company safety policies. Hearing protection is available if desired. The employee may occasionally be required to lift and / or move up to 50 pounds.
Job Description
Job Description
About Arnold Magnetic Technologies
Arnold Magnetic Technologies is a global leader in the engineering and manufacturing of high-performance permanent magnets, magnetic assemblies, precision thin metals, and engineered materials. With more than 125 years of innovation, Arnold serves a wide range of industries, including aerospace, defense, medical, energy, and automotive. The company partners with customers worldwide to deliver mission-critical solutions that enable advanced technologies and drive progress.
Position Summary
The Information Security Manager will build, lead, and mature Arnold’s enterprise-wide security and compliance program across all systems, environments, data, and locations. This is a hands-on leadership role responsible for developing strategy, managing day-to-day security operations, leading compliance initiatives, and ensuring readiness for multiple audits per year. This position reports directly to the CIO and is a player–coach role with two direct reports, requiring both hands-on execution and leadership.
This role owns the full security lifecycle, including governance, risk, compliance, security operations, incident response, disaster recovery, business continuity, data protection, identity and access, physical security systems integration, and security architecture. The ideal candidate balances strategic vision with practical execution and can communicate risk and requirements to both technical and executive stakeholders.
Key Responsibilities
Security Leadership & Strategy
- Own and lead the information security program roadmap, budget, staffing, and maturity.
- Develop, publish, and maintain security policies, standards, procedures, and guidelines.
- Establish security metrics and present regular updates on risk, compliance, and program status to leadership.
- Lead cross-functional security initiatives across departments and business units.
- Foster a culture of security awareness and accountability throughout the organization.
Governance, Risk & Compliance
Security Operations
Incident Response, DRP, and BCP
Security Architecture & Project Consulting
Physical Security Integration
Vendor and Third-Party Risk Management
Training & Culture
Leadership & Team Development
Qualifications
Required
Preferred
Working Conditions :
#ROC
Arnold Magnetic Technologies is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law.
Create a job alert for this search
Information Security • Rochester, NY, US
Related jobs
A company is looking for a Security and Compliance Manager to oversee the development and governance of its information security program.
Key Responsibilities Maintain and enhance the information ...Show more
Border Patrol Agent (BPA) - Experienced (GL-9 GS-11).Check out these higher-salaried federal law enforcement opportunities with the U.
Your current or prior law enforcement experience may qualify yo...Show more
Check out these higher-salaried federal law enforcement opportunities with the U.Your current or prior law enforcement experience may qualify you for this career opportunity with the nation's premi...Show more Border Patrol Agent (BPA) - Experienced (GL-9 GS-11).Check out these higher-salaried federal law enforcement opportunities with the U.
Your current or prior law enforcement experience may qualify yo...Show more Customs and Border Protection (CBP) offers those interested in a career in law enforcement an exceptional opportunity to work with an elite team of highly trained professionals whose camaraderie, p...Show more A company is looking for a Senior Identity and Access Management (IAM) Leader.Key Responsibilities Lead and mentor a team of security access management professionals while defining and implementi...Show more A company is looking for a Chief Information Security Officer (CISO).Key Responsibilities Build and lead a security organization aligned with the company's growth strategy Develop frameworks for...Show more A company is looking for a Senior Threat Hunter to perform intelligence-driven network defense and support incident response capabilities.
Key Responsibilities Design and run custom analysis model...Show more A company is looking for a Senior Information Security Engineer.Key Responsibilities Modernize and govern endpoint security infrastructure and practices Act as a liaison for security design and ...Show more Customs and Border Protection (CBP) offers those interested in a career in law enforcement an exceptional opportunity to work with an elite team of highly trained professionals whose camaraderie, p...Show more Customs and Border Protection (CBP) offers those interested in a career in law enforcement an exceptional opportunity to work with an elite team of highly trained professionals whose camaraderie, p...Show more A company is looking for an Information Security Engineer.Key Responsibilities Collaborate with security engineers to modernize and support email security infrastructure Act as a liaison for inf...Show more 
Monitor their organization’s networks for security breaches and investigate a violation when one occurs Install and use software, such as firewalls and data encryption programs, to protect sensitiv...Show more Customs and Border Protection Officer (CBPO).Customs and Border Protection (CBP) offers those interested in a career in law enforcement an exceptional opportunity to work with an elite team of high...Show more A company is looking for an Information Security Threat Hunter II.Key Responsibilities Conducts research and analysis to identify advanced threat actors on the network Develops innovative techni...Show more A company is looking for a Staff Information Security and Risk Engineer.Key Responsibilities Develop and maintain an effective Information Security Management System for compliance with ISO 27001...Show more Border Patrol Agent (BPA) - Experienced (GL-9 GS-11).Check out these higher-salaried federal law enforcement opportunities with the U.
Your current or prior law enforcement experience may qualify yo...Show more Customs and Border Protection (CBP) offers those interested in a career in law enforcement an exceptional opportunity to work with an elite team of highly trained professionals whose camaraderie, p...Show more
Security and Compliance Manager
VirtualVocations • Rochester, New York, United States
Full-time
Last updated: 30+ days ago • Promoted
Border Patrol Agent - Experienced
U.S. Customs and Border Protection • Brockville, NY, United States
Full-time
Last updated: 30+ days ago • Promoted
Border Patrol Agent - Experienced (GL9 / GS11)
U.S. Customs and Border Protection • Pultneyville, NY, US
Full-time
Last updated: 16 hours ago • Promoted • New!
Border Patrol Agent - Experienced - Up to 30k Sign On Bonus
U.S. Customs and Border Protection • Brockville, NY, United States
Full-time
Last updated: 30+ days ago • Promoted
Border Patrol Agent - Earn up to $30,000 in Recruitment Incentives
U.S. Customs and Border Protection • Hilton, NY, US
Full-time
Last updated: 16 hours ago • Promoted • New!
Identity and Access Management Lead
VirtualVocations • Rochester, New York, United States
Full-time
Last updated: 1 day ago • Promoted
Chief Information Security Officer
VirtualVocations • Rochester, New York, United States
Full-time
Last updated: 30+ days ago • Promoted
Senior Threat Hunter
VirtualVocations • Rochester, New York, United States
Full-time
Last updated: 30+ days ago • Promoted
Senior Information Security Engineer
VirtualVocations • Rochester, New York, United States
Full-time
Last updated: 30+ days ago • Promoted
Border Patrol Agent
U.S. Customs and Border Protection • Pultneyville, NY, US
Full-time
Last updated: 16 hours ago • Promoted • New!
U.S. Border Patrol Agent
U.S. Customs and Border Protection • Honeoye, NY, US
Full-time
Last updated: 16 hours ago • Promoted • New!
Information Security Engineer
VirtualVocations • Rochester, New York, United States
Full-time
Last updated: 30+ days ago • Promoted
Information Security Analyst
TradeJobsWorkForce • 14622 Irondequoit, NY, US
Full-time
Last updated: 30+ days ago • Promoted
Customs and Border Protection Officer - Experienced
U.S. Customs and Border Protection • Brockville, NY, United States
Full-time
Last updated: 30+ days ago • Promoted
Information Security Threat Hunter
VirtualVocations • Rochester, New York, United States
Full-time
Last updated: 4 days ago • Promoted
Staff Information Security Engineer
VirtualVocations • Rochester, New York, United States
Full-time
Last updated: 30+ days ago • Promoted
Border Patrol Agent - Experienced - Recruitment Incentives
U.S. Customs and Border Protection • Brockville, NY, United States
Full-time
Last updated: 30+ days ago • Promoted
United States Border Patrol Agent
U.S. Customs and Border Protection • Brockport, NY, US
Full-time
Last updated: 16 hours ago • Promoted • New!