Information Security & Compliance Manager

Job Title: Manager, Information Security & Compliance
Reports to: Sr. Director of Technology Operations & Information Security Officer
FLSA: Exempt
EEO: Professional
Manages others: Yes
Location: Remote or Hybrid
Department: Technology Operations
ADP Job Code: 310-19

General Job Description

The Manager, Information Security & Compliance leads all security engineering and compliance operations at WPS, ensuring the confidentiality, integrity, and availability of systems and data. This is a hands-on technical role that oversees vulnerability management, SIEM operations, incident response, identity security, secure configurations, cloud security architecture, and disaster recovery.

The Manager leads the Compliance Engineer and oversees the company's compliance program, ensuring that security practices and technical controls align with SOC 2, HIPAA, GDPR, CCPA, customer requirements, and any future regulatory or industry frameworks required by WPS. This role sets security priorities, governs security standards, and ensures that all IT systems, including endpoints, identity, infrastructure, and cloud environments, operate securely and in compliance with regulatory and contractual obligations.

This role also owns WPS's Disaster Recovery (DR) program, including planning, governance, testing, and continuous improvement of recovery capabilities across systems, infrastructure, and cloud environments.

This role is both strategic and hands-on, requiring direct technical involvement in security engineering and incident response.

This position is central to WPS's IT security strategy, risk management, and audit readiness and reports to the Sr. Director & Information Security Officer.

Essential Responsibilities

Security Engineering & Operations

• Own vulnerability management, SIEM tuning and monitoring, incident response, and threat investigation.
• Maintain secure baseline configurations (CIS, hardening standards).
• OverseeAWS security controls, including IAM governance, cloud logging, encryption standards, network security boundaries, and enforcement of cloud security guardrails.
• Design and approve security controls for new systems, infrastructure changes, and applications.
• Govern identity security, privileged access, MFA enforcement, and periodic access reviews.
• Provide security oversight for DevOps pipelines and cloud deployments.

Security Governance & Policy

• Own all security policies, standards, procedures, and security awareness training.
• Lead annual risk assessments, security reviews, and third-party/vendor risk management.
• Ownthe Disaster Recovery (DR) governance program, including planning, documentation, tabletop exercises, and driving remediation, while partnering with Infrastructure on technical DR execution.
• Manage data protection and data classification practices.
• Track and reportsecurityKPIs, risks, and initiatives to the ISO.
• Run regular security governance meetings and guide cross-functional alignment.

Compliance Program Oversight

• Leadthe Compliance Engineer and review all work for accuracy and completeness.
• Approve technical controls, evidence, and audit documentation.
• EnsureIT systems meet required technical controls across SOC 2, HIPAA, GDPR, CCPA, and other applicable regulatory or customer-driven frameworks.
• Act as the technical owner during internal/external audits.
• Define evidencerequiredfromITandnon-IT WPSteams.
• Manage corrective actions, POAMs, and remediation plans.
• Review customer security questionnaires with the Compliance Engineer.

Collaboration With Infrastructure & DevOps

• Securitydefines security requirements and works closely with Infrastructure to implement the necessary configurations, remediations, and technical controls.
• Partner with the Infrastructureteamto ensure DR plans, runbooks, and technical recovery processes are implemented and tested effectively.
• Security reviews and approves changes thatimpactsecurity posture.

Program Development & Future Maturity

• Advance detection engineering, automation, and threat visibility.
• Implement stronger security controls to support company and platform growth.
• Lay groundwork for future expansion of the security/compliance function.

Position Requirements (Skills, Knowledge, Abilities)

Education & Experience

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or equivalent experience preferred.
• 5+ years of hands-on IT security engineering or cybersecurity engineering experience.
• Experience leading security or compliance functions.
• Strong technical experience in SIEM, AWS security, vulnerability management, identity security, incident response, and disaster recovery.
• Strongproficiencywith AWS security architecture, IAM, cloud logging, and security guardrails.
• Working knowledge of SOC 2, HIPAA, GDPR, and CCPA compliance frameworks.

Skills & Competencies

• Strong understanding of security architecture, secure configurations, and cloud security.
• Excellent judgment and risk evaluation skills.
• Ability to translate regulatory requirements into executable technical controls.
• Strong communicationskills for cross-functional work and audit interactions.
• Ability to mentor and develop team members.
• Strong analytical and troubleshooting skills.

WPS IS AN EQUAL OPPORTUNITY EMPLOYER AA M/F/V/D.
We proudly hire U.S. Military Veterans, and those qualified are encouraged to apply.

Equal Employment Opportunity is The Law. | Pay Transparency Nondiscrimination Provision

At this time, WPS is unable to provide visa sponsorship.
We use E-Verify and submit information from each new employee's Form I-9 to confirm work authorization.