This is a remote position.
Position Title: Manager, Cyber Security
Base Salary: $114,400 to $170,000 annually DOE
Bonus: Target annual bonus
Benefits: Medical, dental, vision, 401k, flexible spending account, paid sick leave and paid time off, parental leave, quarterly performance bonus, training, career growth, and education reimbursement programs.
Ziply Fiber is a local internet service provider dedicated to elevating the connected lives of the communities we serve. We offer the fastest home internet in the nation, a refreshingly great customer experience, and affordable plans that put customers in charge.
As our state-of-the-art fiber network expands, so does our need for team members who can help us grow and realize our goals.
Our Company Values:
Job Summary
The Manager, Cyber Security is a decisive leader responsible for building, driving, and enforcing a rigorous cybersecurity strategy that protects the organization’s digital assets, systems, and sensitive information against an increasingly complex threat landscape. The successful candidate brings deep cybersecurity engineering expertise together with exceptional leadership, management, and mentorship capabilities. This role extends far beyond people supervision; it carries enterprise-wide responsibility for strategic security planning, cross-functional leadership, executive advisement, and the development, execution, and enforcement of a comprehensive security framework. The Manager, Cyber Security is directly accountable for strengthening the organization’s security posture through continuous monitoring, regulatory compliance, operational discipline, and ongoing innovation aligned to business and risk objectives.
Essential Duties and Responsibilities:
The Essential Duties and Responsibilities listed below are a range of duties performed by the employee and not intended to reflect all duties performed.
People Leadership & Talent Management
· Lead, supervise, and mentor a team of cybersecurity analysts and engineers.
· Assign tasks, monitor performance, and ensure the team meets its objectives efficiently.
· Foster a culture of continuous learning by providing training, certifications, and knowledge-sharing opportunities.
· Conduct performance evaluations and recommend career development plans for team members.
· Recruit, develop, and retain top cybersecurity talent.
Cybersecurity Strategy, Governance & Program Management
· Design a multi-year cybersecurity strategy that aligns with organizational goals and technological advancements.
· Define measurable goals and KPIs to track security program success.
· Present the strategy to executive leadership and adjust based on feedback and evolving business needs.
· Develop, implement, and maintain security policies, standards, and guidelines.
· Regularly review and update policies to stay ahead of emerging threats and regulatory requirements.
· Create and manage the cybersecurity budget, ensuring investments are aligned with organizational priorities.
· Identify opportunities to optimize costs while maintaining strong security standards.
Risk Management, Compliance & Third-Party Security
· Lead periodic organization-wide risk assessments, vulnerability scans, and threat analyses.
· Create detailed risk profiles for business units, prioritizing risks based on likelihood and potential impact.
· Develop risk mitigation plans that integrate seamlessly into operational processes.
· Ensure implementation of controls for physical, cloud, and network infrastructures.
· Oversee security audits for vendors, contractors, and third-party partnerships.
· Establish criteria for vendor selection based on security posture.
· Ensure compliance with data protection laws, such as GDPR, HIPAA, or local equivalents.
· Ensure adherence to industry standards and regulations (e.g., NIST CSF, ISO 27001, SOX, PCI DSS).
Incident Response, Business Continuity & Disaster Recovery
· Establish and regularly update an Incident Response Plan (IRP) that addresses various scenarios, including ransomware, DDoS attacks, and data breaches.
· Lead cross-functional teams during incidents to minimize business disruption.
· Ensure detailed post-incident reports with root cause analyses and recommendations for improvement.
· Partner with IT and operations teams to integrate cybersecurity into disaster recovery and business continuity plans.
· Test and refine plans through simulations and tabletop exercises.
Security Operations, Architecture & Technology Enablement
· Manage SOC activities, ensuring 24/7 monitoring, detection, and response capabilities.
· Evaluate and implement advanced technologies like AI-driven threat detection and zero-trust architectures.
· Oversee the deployment and maintenance of security technologies, including firewalls, IDS/IPS, EDR solutions, and SIEM platforms.
· Ensure robust security configurations across all systems, including cloud services, IoT devices, and mobile endpoints.
· Implement encryption, tokenization, and DLP (Data Loss Prevention) systems to safeguard sensitive data.
Awareness, Cross-Functional Partnership & Reporting
· Develop executive-level reports that track security metrics, risk scores, and incident trends.
· Create and lead cybersecurity awareness training programs for all employees.
· Measure effectiveness through phishing simulations and employee engagement metrics.
· Act as a key partner to IT, legal, compliance, HR, and other departments to ensure security is embedded across the organization.
· Participate in major project planning to identify and address security implications early.
Other Duties
· Must be available to work regular business hours Pacific Standard Time.
· Must also be available to work on-call, evenings and weekends as needed.
· Performs other duties as required to support the business and evolving organization.
Required Qualifications:
· High school diploma or GED.
· Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a closely related technical field. Equivalent professional experience may be accepted in lieu of formal education.
· CISM, CISSP, CEH, or comparable cybersecurity certifications.
· Minimumof ten (10)yearsofexperience as a cyber security engineer withatleast five (5)years of experience leading a cyber security team.
· Provenhands-onexperiencesecuringITinfrastructures,performingvulnerabilitymanagement, and overseeing incident response.
· Minimumof ten (10) yearsofexperienceimplementingormanagingsecurityframeworkssuchas NIST CSF, ISO 27001, or CIS benchmarks.
· Proficientinnetworksecuritypractices,includingfirewalls,VPNs,intrusiondetection/prevention systems (IDS/IPS), and endpoint protection solutions.
· ExperiencewithsecurityoperationstoolssuchasSIEMplatforms,vulnerabilityscanners,and penetration testing utilities.
· PracticalknowledgeofconfiguringandmanagingDNS,DHCP,andidentitymanagementtools (e.g., LDAP, Active Directory).
· Familiaritywithsystemhardeningguides,suchasCISControls,DISASTIGs,orUSGCB.
· Skilledindeveloping,documenting,andmaintainingsecuritypolicies,standards,andincident response plans.
· Demonstratedabilitytoconductsecurityaudits,assesscompliance,andrecommend improvements.
· Abilitytoleadandmentortechnicalstaff,fosteringacultureofcollaborationandcontinuous improvement.
· Experiencewithcloudsecurityplatforms(e.g.,AWS,Azure,GoogleCloud).
· Knowledgeofemergingthreats,threatintelligence,andadvancedattackmitigationtechniques.
· FamiliaritywithDevSecOpspracticesorsecuresoftwaredevelopmentlifecycle(SDLC).
Knowledge, Skills, and Abilities:
· Proven ability to manage small teams or projects with limited resources.
· Strong interpersonal skills to collaborate with IT and business stakeholders.
· Ability to write and enforce basic security policies and procedures.
· Strong organizational, multi-tasking, and prioritizing skills.
· Ability to work independently and apply sound judgment and reasoning skills to a variety of situations, multi-task and collaborate effectively with other personnel to meet deadlines.
· Ability to work within critical deadlines.
· Ability to communicate effectively across multiple large organizational structures (Verbal / Email / TXT).
Work Authorization
Applicants must be currently authorized to work in the US for any employer. Sponsorship is not available for this position.
Physical Requirements
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Essential and marginal functions may require maintaining physical condition necessary for bending, stooping, sitting, walking, or standing for prolonged periods of time; most of time is spent sitting in a comfortable position with frequent opportunity to move about. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.
Work Environment
Work is performed in an office setting with exposure to computer screens and requires extensive use of a computer, keyboard, mouse, and multi-line telephone system. The work is primarily a modern office setting.
At all times, Ziply Fiber must be your primary employer. Unless otherwise prohibited by law, employees may not hold outside employment nor be self-employed without obtaining approval in writing from Ziply Fiber. In holding outside employment or self-employment, employees should ensure that participation does not conflict with responsibilities to Ziply Fiber or its business interests.
Diverse Workforce / EEO: