Description

Photonic is seeking an experienced Senior Manager, Information Security to establish, enhance and lead our security program. This role will work closely alongside our existing IT team to strengthen the organization’s overall technology posture through a structured, collaborative approach to security, risk management, and operations.

This position introduces a dedicated security function, creating clear ownership and effective checks and balances across infrastructure, systems, and access.

This role operates as an independent security function, working in close partnership with IT to ensure balanced, well-governed technology decisions.

WHAT WE NEED YOU TO DO

Security Leadership & Strategy

• Evaluate the organization’s existing information security program and develop a strategic plan for improvement in a rapidly growing deep tech environment
• Work with business leaders to establish security priorities aligned with the business objectives and compatible with risk tolerance
• Provide expert guidance to leadership on security risks, trade-offs and investments

Security Operations & Incident Response

• Own and continuously improve the organization’s incident response capabilities
• Lead coordination and response during security events
• Conduct post-incident reviews and drive improvements across systems and processes

MDR / SOC Ownership

• Evaluate, onboard, and manage a third-party MDR provider (e.g., Arctic Wolf or equivalent)
• Define alerting, escalation, and response workflows in collaboration with IT
• Ensure effective monitoring across endpoints, identity systems, and infrastructure

Security Architecture & Controls

• Define and maintain baseline security standards across:
• Identity and access management
• Endpoint protection
• Logging and monitoring
• Partner with IT to implement controls in a scalable and operationally practical way
• Provide security input into infrastructure and system design decisions
• Define and run a vulnerability management program (asset coverage, scanning, prioritization, remediation tracking, and patch governance) in partnership with IT

Identity & Access Governance

• Establish and enforce identity security practices, including MFA and conditional access
• Define access models and privileged access controls
• Oversee governance of external/guest identities and third-party access

Risk, Compliance & Reporting

• Maintain a security risk register and prioritized remediation roadmap
• Provide regular reporting to senior leadership on security posture, risks, and priorities
• Support customer, partner, and regulatory security requirements as needed
• Own and maintain security policy, standards, and exception/risk acceptance governance processes
• Establish and manage a third-party/vendor risk management process

Cross-Functional Collaboration

• Work alongside the IT team to implement security controls and improvements
• Establish clear separation of responsibilities between security and IT operations
• Contribute to a culture of shared accountability, transparency, and continuous improvement
• Own and maintain our security awareness and training program (onboarding, annual refreshers, and phishing simulations)

WHAT YOU BRING TO OUR TEAM

Required:

• 10+ years in information security, IT security, or related roles
• Demonstrated experience building, leading, or maturing a security program in a mid-sized organization
• Strong hands-on experience with:
• Microsoft 365 / Entra ID security
• Endpoint detection and response (EDR/XDR) platforms
• Incident response and forensic workflows
• Experience selecting and managing MDR/SOC providers
• Proven ability to operate independently and influence cross-functional teams

Preferred:

• Experience in hybrid IT environments (cloud + on-prem)
• Familiarity with security frameworks (NIST CSF, ISO 27001, CIS)
• Background i