Manager, Information Security

Description

Job Summary

The Manager of Information Security leads information security initiatives for the Company. As the Manager of Information Security, you will be at the forefront of safeguarding MoneyGram's systems and data. Your primary responsibility will be to lead a team in ensuring the integrity, confidentiality, and availability of our systems and data through proactive vulnerability management, robust application security practices, and efficient detection of security events. You will play a pivotal role in enhancing our security posture by managing third-party penetration testing activities and ensuring the timely remediation of any findings.

Primary Responsibilities

• Lead a vulnerability management program that ensures vulnerabilities are detected, assessed for severity, and remediated in accordance with Company policies.
• Lead efforts to ensure application security is effectively incorporated into the SDLC. Drive efforts to incorporate threat intelligence into all information security processes, with a bias towards actionable intelligence.
• Partner with engineering teams to ensure that secure coding practices are implemented in accordance with application security standards. Conduct regular security assessments of applications to identify vulnerabilities and work with development teams to address findings.
• Manage engagements with third-party penetration testing vendors to assess the security posture of MoneyGram infrastructure and applications. Collaborate with security architects to ensure MoneyGram systems align with company information security policies and standards.
• Keep abreast of new and evolving security threats to ensure the Company remains adequately protected.
• Consults with business partners on security matters to ensure security efforts are aligned across the enterprise.
• Responds to regulatory and audit requests to support compliance initiatives.
• Performs other duties as assigned.

Education

Minimum Required:

• Bachelor's degree in computer science, Information Security or a related field; or equivalent experience.
• Certified Information System Security Professional (CISSP), CISA, CISM or equivalent certifications desired.

Experience

Minimum Required:

• 8+ years' Information Security experience.
• 2+ years' experience managing direct reports; includes employee selection, motivation, coaching, and providing timely defensible constructive feedback.

Skills

Minimum Required:

• Proven experience in information security domains of vulnerability management and application security.
• Knowledge of common security frameworks (NIST CSF, ISO) and regulatory requirements (PCI, GDPR, DORA)
• Technical expertise in application security tools and functions, including dynamic application security testing (DAST) and static application security testing (SAST)
• Hands-on experience with industry-leading vulnerability management tools such as Qualys, Nessus, or Rapid7, including configuration, tuning, and reporting.
• Deep understanding of common web application vulnerabilities (e.g., OWASP Top 10) and techniques for mitigating them.
• Familiarity with cloud security principles and best practices, particularly in assessing and securing cloud-based applications and infrastructure (e.g., AWS, Azure, GCP).

Benefits

• Flexible "Remote First" Environment
• Generous PTO
• 13 Paid Holidays
• Medical / Dental / Vision Insurance
• Life, Disability and other benefits
• 401K with competitive employer match
• Community Service Days
• Generous parental leave

Salary

Anticipated Base Pay: $160K - $175K + participation in our annual bonus plan.

Disclaimer

The salary/pay rate listed is a good faith determination that may be offered to a successful applicant for this position at the time of this job advertisement based on company hiring process and budget for this role and may be modified in the future. Actual compensation may vary from posting based on geographic location, work experience, education and/or skill level.

#LI-REMOTE