Manager of Information Security

Granite Telecommunications, Quincy, MA

About The Position

The Manager of Information Security leads Granite’s enterprise security program, ensuring the protection of corporate systems, applications, cloud platforms, and data across the entire business. This role drives the strategy, implementation, and continuous improvement of security policies, controls, and processes while enabling secure operations across IT, Engineering, Operations, Legal, and customer‑facing teams. It oversees vulnerability management, cloud security (GCP and AWS), identity and access management, application security, incident response, and third‑party risk, ensuring security is embedded into technology decisions and business initiatives. The position also maintains focused support for government‑related compliance activities, such as NIST‑based requirements and limited ATO documentation, representing a smaller but important portion of the role. Overall, the Senior Manager provides cross‑functional leadership to strengthen Granite’s security posture, reduce risk, and support the organization’s operational and strategic goals.

Requirements

  • Bachelor’s degree in Computer Science, Information Systems, Information Assurance, or equivalent experience.
  • Eligibility to obtain and maintain Public Trust (Tier 2) or other federal security clearances.
  • Hands‑on experience implementing NIST SP 800‑53, NIST SP 800‑171, SOC 2, PCI DSS, RMF, and FISMA Moderate controls in enterprise environments.
  • Demonstrated experience with SSP writing, ATO packages, security assessments, and continuous monitoring activities.
  • Experience with cloud security in Google Cloud Platform (GCP) and Amazon Web Services (AWS). Familiarity with application security best practices (OWASP, SDLC integration, SAST/DAST scanning workflows).
  • Ability to interpret and communicate security requirements to engineering, legal, and operations teams.
  • Experience supporting vendor risk reviews, questionnaire responses, and assessment of third‑party security materials.
  • Experience with security controls in a converged infrastructure/virtual machine environment.
  • Experience developing information system security plans, policies, and procedures for local area network (LAN) and wide area network (WAN) information systems.
  • Strong cross‑team leadership, communication, and documentation skills.

Responsibilities

  • Oversee and manage Granite’s enterprise‑wide Information Security Program, ensuring protection of corporate systems, data, applications, cloud environments, and business operations across all departments (IT, Engineering, Legal, Ops, customer‑facing teams).
  • Lead the development, implementation, and continuous improvement of corporate security policies, standards, procedures, and supporting governance documents.
  • Direct vulnerability management activities across infrastructure, cloud, and applications; coordinate remediation with engineering, DevOps, and operations teams; validate fixes through scanning and ongoing monitoring.
  • Oversee cloud security for GCP and AWS, ensuring secure configuration, access control, and alignment with best practices.
  • Drive secure architecture reviews, application security requirements, and SDLC security integration for internal products.
  • Partner with Engineering, Infrastructure, DevOps, and Network teams to evaluate system changes, cloud migrations, firewall updates, and new deployments to ensure security requirements and risk mitigations are properly addressed.
  • Lead incident response activities—coordinate triage, communicate with stakeholders, review root causes, and ensure corrective actions and preventative measures are implemented.
  • Manage enterprise identity and secrets programs, including MFA requirements, SSO implementation, service account lifecycle, least privilege enforcement, and secure credential rotation.
  • Guide third‑party risk management, review vendor documentation, determine required evidence levels, and assess security impact of new or ongoing vendors.
  • Provide security guidance and support for business processes, system enhancements, corporate initiatives, new integrations, and technology transformations across the organization.
  • Lead recurring enterprise security meetings to align IT, Engineering, Legal, Audit, and business leaders on priorities, risks, and remediation activities.
  • Ensure proper data handling practices across the business, including the identification and removal of sensitive or regulated data from email, local drives, Teams, and other systems.
  • Support corporate continuity and resilience activities, including business impact analysis, response planning, and readiness validation.
  • Provide accurate, timely responses to security questionnaires, proposals, and customer inquiries across business units; contribute security content for RFPs, audits, and partner assessments.
  • Maintain compliance for federal BSS/GBSS systems under NIST SP 800‑53 / 800‑171 and GSA requirements; update SSPs; and support ATO assessments as needed.
  • Provide federal agencies (e.g., GSA, DARPA) with required security documentation, system diagrams, and responses when requested.
  • Perform other duties as required.
  • Obtain/retain a government security clearance as may be required to perform the duties of the position.

Benefits

  • Our offices have onsite, fully equipped, state‑of‑the‑art gyms for employees at zero cost.
  • Our company's insurance package includes health, dental, vision, life, disability coverage, 401K retirement with company match, childcare benefits, tuition assistance, and more.