Cybersecurity Manager

About the Role

We are seeking a seasoned Cybersecurity Manager with a proven ability to drive organizational change and safeguard Lumenalta's long-term success. In this role, you will lead risk assessment and communication strategies for software and infrastructure vulnerabilities while working cross-functionally to detect, prioritize, and remediate risks. You will also optimize the vulnerability management lifecycle through advanced continuous scanning and rigorous patch management.

What You'll Be Doing

• Manage operational security controls, risk, and governance frameworks, and InfoSec principles to ensure the confidentiality, integrity, and availability of all data assets.
• Identify emerging threats and vulnerabilities, implementing appropriate countermeasures and mitigations through advanced detection technologies and governance frameworks.
• Provide subject matter expertise to internal stakeholders and collaborate with security partners to stay ahead of industry technologies and evolving threats.
• Remove team impediments by working collaboratively with stakeholders to proactively manage risks, issues, or delays.
• Deliver the InfoSec technology roadmap, ensuring all regulatory obligations (such as DPA, GDPR, PCI DSS, SOC1/2, and ISO27001) are met in line with industry best practices.
• Shape ongoing cybersecurity strategy and oversee comprehensive programs for vulnerability and patch management.
• Define and review key security performance indicators and develop reports for management updates using program performance metrics.
• Build, develop, and maintain cybersecurity policies and processes while optimizing tools to respond to future security threats.
• Analyze security data continuously to detect external and internal threats and prepare the business for seamless "Go Live" events.

What We're Looking For

• Experience: 5–8+ years in cybersecurity with demonstrated ownership of production systems at scale.
• Technical Skills: Strong working knowledge of AWS security services (Security Hub, Control Tower, Organizations, SCPs, IAM) and AI/ML tools like Macie and Guard Duty.
• Risk & Compliance: Deep understanding of risk assessment methodologies and compliance requirements, including DPA, GDPR, PCI DSS, SOC1/2, and ISO27001.
• Leadership: A proven track record of mentoring engineers, driving technical decisions, and raising team-wide standards.
• Communication: Ability to effectively convey complex technical information to non-technical stakeholders and executives through reports, policies, and training.
• Adaptability: Comfortable navigating ambiguity and leading through rapid iteration cycles.
• Third-Party Management: Experience managing third-party suppliers and maintaining corporate awareness of current InfoSec issues.

Desirable Qualifications

• Certified Information Systems Security Professional (CISSP)
• Offensive Security Certified Professional (OSCP)

Key skills/competency

• Risk Assessment
• Vulnerability Management
• AWS Security Services
• GDPR
• PCI DSS
• ISO27001
• Security Strategy
• Leadership
• InfoSec Governance
• Threat Detection