IT Security Manager

Founded in 1948, BMS CAT has a long standing reputation as a leader in the restoration industry. From initial clean-up to complete rebuilds, BMS CAT is there every step of the way. We work on anything from multi-million dollar commercial projects to several thousand dollar residential losses and everything in between. We are a team built on high energy, high performing individuals who work together to maintain BMS CAT as an industry leader.

Summary

The IT Security Manager is responsible for leading the development and execution of the brand’s cybersecurity strategy, ensuring scalable and resilient protection across our fast-growing enterprise. This role will design, implement, and manage comprehensive security frameworks and programs that support both cloud (AWS) and on-premises environments.

This role will provide strategic and operational leadership in safeguarding brand systems, guest data, and digital assets - critical to supporting our store operations, franchise partners, and guests. The position requires strong leadership capabilities and deep expertise in modern security practices, regulatory compliance, risk management, and Agile methodologies. The Manager will work closely with IT, cross-functional business stakeholders, and external partners to maintain a proactive, business-aligned cybersecurity posture that supports innovation, compliance, and guest trust.

Essential Functions

• Develop, implement, and manage the brand’s information security strategy, policies, standards, and procedures. 
• Lead security initiatives across cloud (AWS and Azure) and on-premises environments, ensuring alignment with business objectives and industry best practices. 
• Manage security monitoring solutions and incident response processes to quickly identify, mitigate, and remediate security threats. 
• Coordinate regular security audits, penetration testing, and vulnerability assessments to proactively manage and mitigate risks. 
• Oversee compliance efforts, including PCI DSS, GDPR, and other applicable regulations. 
• Collaborate with infrastructure and application teams to embed security controls into all aspects of technology operations and software development lifecycles. 
• Lead cybersecurity training and awareness initiatives across the organization to foster a culture of security awareness and compliance. 
• Develop and implement third-party risk management processes to assess and mitigate risks from vendors and partners. 
• Establish key performance indicators (KPIs) and regularly report on the effectiveness of security measures to senior leadership. 
• Utilize Agile methodologies to prioritize and manage security projects, ensuring timely and effective delivery. 
• Manage the security budget effectively, optimizing investments to achieve maximum impact and protection. 
• Mentor team members, fostering professional growth, collaboration, and a high-performance security culture. 
• Stay informed about the latest cybersecurity trends and continuously refine strategies and processes to enhance security posture.

Experience and Skill Requirements

• Deep understanding of security frameworks, including NIST, CIS Controls, ISO 27001, and compliance requirements such as PCI DSS and GDPR. 
• Extensive hands-on experience with cloud security (AWS & Azure), including identity and access management, cloud security controls, and monitoring. 
• Experience with on-premises security infrastructure, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection (EDR), and secure network architecture. 
• Demonstrated experience leading security audits, vulnerability assessments, penetration testing, and incident response activities. 
• Proven experience managing third-party risk assessment programs and vendor management processes. 
• Proficiency in Agile project management methodologies, sprint planning, and iterative delivery processes. 
• Excellent leadership, people management, coaching, and mentoring skills. 
• Proven track record of effective budget management and resource allocation for security initiatives. 
• Exceptional communication and collaboration skills, capable of engaging stakeholders at all organizational levels. 
• Relevant certifications such as CISSP, CISM, CCSP, Azure Security Engineer Associate, or equivalent are highly preferred. 
• A proactive mindset with a passion for continuous learning, security innovation, and protecting business assets. 
• Promote the culture, values, and mission of BMS CAT. 

Qualifications

• Bachelor’s degree in information security, Cybersecurity, Computer Science, Information Technology, or a related technical field required, a master’s degree in Cybersecurity, IT Management, or Business Administration, plus. 
• Minimum of seven (7) years of progressive experience in cybersecurity roles, including at least three (3) years of experience leading security programs, projects, or teams. 
• Demonstrated success in building, implementing, and managing security frameworks across hybrid (cloud/on-prem) environments in a multi-location, enterprise setting. 
• Hands-on experience managing compliance with relevant standards and regulations, such as PCI DSS (especially relevant for QSR/retail), GDPR, SOX, or HIPAA. 
• Experience working within Agile or DevSecOps environments to integrate security into continuous development and operations processes. 

Relevant security certifications are highly preferred, including but not limited to:

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CCSP (Certified Cloud Security Professional)
• CompTIA Security+ or equivalent

Why BMS CAT?

We provide fully paid medical insurance for our employees, optional dental and vision insurance, core paid holidays, accrued PTO, a 401 (k) plan and much more. Your compensation will vary by experience level. This can be discussed during the first interview.

If this sounds like you, please APPLY TODAY!

BMS CAT is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.