Information Security Manager

Rea is a growing Top 100 business advisory & accounting firm providing our clients services in tax, accounting, and business consulting. We have a ‘People First’ culture and we focus on our employees’ well-being and professional development. With over 400 professionals and locations throughout Ohio, our firm has a culture that respects a work-life balance for our team. We also provide competitive compensation and a robust benefits plan.

The Information Security Manager is responsible for overseeing and improving the firm’s information security program to protect systems, data, and infrastructure. This role focuses on managing security risk, compliance, incident response, and continuous improvement of security posture. The Information Security Manager collaborates cross-functionally with IT and other business and practice areas to implement effective security controls and foster a culture of security awareness.  

Responsibilities

• Develop, implement, and maintain the firm’s information security program and initiatives roadmap 

• Develop, implement, maintain, and monitor security policies, procedures, and standards in alignment with industry best practices and regulatory requirements 

• Conduct regular risk assessments, vulnerability scans, and security reviews to identify and mitigate potential threats and vulnerabilities 

• Identify, build, and implement data protection processes and technologies 

• Work with the firm’s third-party service providers to help manage firm information security risk 

• Coordinate the firm’s incident response efforts, including investigation, documentation, communication, and post-incident analysis 

• Evaluate and recommend security tools and technologies to enhance protection and visibility 

• Manage the third-party risk program, including vendor security assessments and reviews 

• Maintain compliance with applicable laws, regulations, and contractual obligations by leading audits, gap analyses, and remediation efforts 

• Lead security awareness training initiatives and phishing simulations to educate employees and promote secure behavior 

• Collaborate with IT teams to ensure secure configuration and management of systems, networks, and cloud environments 

• Track, report, and present security metrics to leadership and stakeholders 

• Serve as the internal subject matter expert on cybersecurity, privacy, and data protection 

• Other duties as assigned 

Knowledge, Skills, and Abilities

• Expert-level understanding of information security risks and controls, including the zero-trust model 

• Advanced knowledge of information security audit and assessment methodologies and best practices 

• Expert-level knowledge of information security frameworks, risk management, and incident response 

• Strong experience with security tools and platforms (e.g., vulnerability scanners, firewalls, endpoint protection)  

• Strong understanding of security principles in cloud (e.g., Azure, AWS), on-prem, and hybrid environments 

• Thorough understanding of compliance programs (e.g., SOC 2, HIPAA) 

• Ability to stay current with emerging technologies and architectures 

• Solid understanding of IT enterprise architecture in a security context 

• Highly self-motivated 

• Exceptional written, oral, interpersonal, and presentational skills 

• Strong analytical and trouble-shooting abilities 

• Keen attention to detail 

• Ability to effectively prioritize and participate in simultaneous projects of moderate to high complexity 

• Knowledge of analysis, requirements gathering, and industry best practices and tools 

• Ability to effectively communicate between business and IT stakeholders 

• Ability to use discretion and handle confidential information 

• Post-secondary education in the field of computer science, information systems, networking, information security, or related discipline 
• 5+ years of full-time work experience in cybersecurity, information security, or information technology preferred  
• Preferred: CISSP, CISM, CISA, Security+  certification

Rea offers a wide variety of benefits to help support our employees' health, wellness and financial goals.

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Holidays)
• Four (4) weeks PTO
• Twelve (12) paid holidays, of which three (3) are floating holidays
• Family Leave (Maternity, Paternity)
• Short Term & Long Term Disability
• Training & Development
• Wellness Resources

Rea does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies without pre-approval from Rea’s Talent team. Pre-approval is required before any external candidate can be submitted. Rea will not be responsible for fees related to unsolicited resumes and for candidates who are sent directly to our hiring managers.