WHAT DOES AN IT SECURITY MANAGER DO?

Published: Nov 04, 2025 - The Information Technology (IT) Security Manager supervises the Security Assurance team and manages the information security risk assessment process, ensuring application vulnerabilities are identified, assessed, and addressed. This role oversees relationships with internal partners and outsourced service providers while leading projects to implement application vulnerability management technologies. The manager contributes to regulatory audits, recommends improvements to configuration standards, and enforces security measures based on business risk.

A Review of Professional Skills and Functions for IT Security Manager

1. IT Security Manager Duties

  • Compliance Management: Manage compliance against multiple standards including PSPF, ISM, and ISO 27001.
  • Certification Maintenance: Achieve and maintain agreed certifications for the team and/or contribute to the organization’s ability to achieve certifications that encompass the team’s delivery.
  • Governance Development: Lead the development and management of a mature governance model.
  • Risk Management: Manage corporate risks for the organization, particularly service delivery risks.
  • Audit Management: Manage internal and external audits including scoping and participation.
  • Customer Engagement: Engage with customers to articulate the benefit of Sliced Tech as a provider as a result of certifications and compliance.
  • Compliance Support: Assist Customer Engagement and Service Delivery teams in understanding and implementing compliance requirements.
  • Policy Development: Manage the development of policies and processes that achieve compliance with agreed standards, and monitor compliance with these policies and processes.
  • Process Ownership: Develop and own processes that enable Sliced Tech to maintain secure systems.
  • Operational Support: Assist service delivery, operations, and customer engagement teams with developing supporting processes.
  • Security Response: Respond to queries regarding security and compliance from customers, partners, and auditors.

2. IT Security Manager Details

  • Vulnerability Management: Manage the security vulnerabilities and risks across the organization, including identifying and supporting application/system owners to manage risks and remediate vulnerabilities.
  • Policy Analysis: Analyze AJG server and workstation policies and configurations and evaluate compliance with regulations and enterprise directives.
  • Technical Leadership: Provide leadership and hands-on technical direction for engineering staff to deliver problem-solving, tactical, and break-fix capabilities.
  • Risk Mitigation: Work closely with both business-oriented executives and lead technology-oriented personnel to ensure adequate processes are in place and actions are being taken to mitigate identified risks proactively.
  • Program Reporting: Maintain appropriate management reporting mechanisms to facilitate communication of the program status across multiple levels within the organization.
  • Gap Identification: Identify gaps between the patch management system and business-related applications and programs that require upkeep.
  • Security Collaboration: Work with the Security team to provide feedback and guidance on how to utilize Qualys for AJG’s best outcome.
  • Task Scheduling: Schedule daily and weekly assignments with the engineering team and ensure the CAB process is effectively used.
  • Issue Resolution: Investigate problems and escalate to other departments, divisions, and vendors to find appropriate solutions to issues and customer requests.

3. IT Security Manager Responsibilities

  • Security Administration: Administer and manage security engineering solution design assignments in Endpoint, Email, Servers, and Network Security tools.
  • Service Support: Support Endpoint, Email, Network, Data, and Identity and Access Management (IAM) security service and change management processes across the organization.
  • Event Monitoring: Monitor and investigate security events and metrics that impact the organization’s posture and collaborate with the SOC and vendors on the technicalities of security issues and the latest trends.
  • Stakeholder Coordination: Work with internal and external stakeholders and vendors for the completion of assignments.
  • Change Review: Attend Change Application Board meetings to review changes to business infrastructure against Information Security Standards and Policy.
  • Vulnerability Testing: Conduct internal penetration testing and vulnerability scanning, and understand the remediation each finding requires.
  • Security Assessment: Conduct continuous assessments of current IT security practices and systems and identify areas for improvement.
  • Security Advisory: Provide security advisory to the project team on IT security best-practice guidelines and participate during project delivery as part of the IT security operation handover process.
  • Forensic Investigation: Lead technical and forensic investigations into security breaches, including how the breach happened and the extent of the damage.
  • Threat Reporting: Prepare security threat reports and recommendations.
  • Policy Compliance: Ensure all IT security policies and procedures are adhered to at all times.
  • Documentation Accuracy: Ensure all documentation releases are accurate and complete, and in accordance with department policies and procedures.
  • Standard Maintenance: Document and maintain IT security standards, procedures, and work instructions.

4. IT Security Manager Job Summary

  • Organizational Leadership: Lead and enhance an organization that is capable of achieving its defined mission, including talent development, succession management, and team building.
  • Partnership Management: Establish and maintain excellent working relationships and collaboration partnerships with the management team throughout the Generation, Substation, PowerSecure, and Southern Power organizations as well as the Technology Organization.
  • Executive Communication: Communicate and brief executive management regarding Generation, Substation, PowerSecure, and Southern Power security and compliance risk, posture, threats, remediation, implementations, and incidents.
  • Cross-Functional Collaboration: Work with IT and business units across Southern Company to deliver on business requirements, especially as they pertain to cybersecurity and compliance risk and mitigation.
  • Cybersecurity Leadership: Lead IT cybersecurity engineering, implementation, and support for Generation, Substation, PowerSecure, and Southern Power.
  • Financial Management: Perform capital expense and operating expense financial management for the organization and across business units for project implementations.
  • Technology Guidance: Provide guidance, direction, and decision-making when it comes to the selection and support of security technologies used by the organization as well as Generation, Substation, PowerSecure, and Southern Power.
  • Compliance Leadership: Lead the technology efforts to comply with NERC CIP and other applicable standards for Southern Company Operations.
  • Project Implementation: Provide leadership for the design and implementation of Southern Company Generation, Substation, PowerSecure, and Southern Power cybersecurity projects to protect control system cyber assets.

5. IT Security Manager Accountabilities

  • Team Leadership: Lead the team to deliver security services to customers as per the contract.
  • Policy Development: Develop and enhance security policies, requirements, and processes.
  • Compliance Guidance: Guide the service/platform owner to understand and comply with security requirements and standards, e.g., Patch Management, Security Health Checking Management.
  • Issue Support: Act as a primary support contact for security issues.
  • Policy Implementation: Implement and ensure compliance with security policies, requirements, and processes.
  • Issue Tracking: Track, monitor, and work with platform/system service providers/owners to close deviations and non-compliance issues.
  • Status Reporting: Summarize and report the security status, including presenting to the customer.
  • Process Improvement: Enhance the existing reporting and improve processes/procedures to be more efficient.
  • Risk Management: Execute and advise the team on IT security issues and risk management.
  • Audit Support: Support all internal and customer audits.
  • Security Awareness: Conduct ongoing security process education and awareness.

6. IT Security Manager Functions

  • Compliance Support: Assist hotels with the implementation of tools and methodologies to ensure ongoing compliance for PCI, GDPR, and other key laws.
  • Regulatory Knowledge: Maintain current knowledge of applicable international, federal, and state privacy laws and accreditation standards.
  • Technology Monitoring: Monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.
  • Awareness Promotion: Work with the hotel management team to ensure awareness of “best practices” on privacy and data security issues.
  • Leadership Role: Serve in a leadership role for hotel activities regarding security and compliance matters.
  • Policy Collaboration: Collaborate on cyber privacy and security policies and procedures creation, deployment, and implementation.
  • Strategic Planning: Interface with senior management to develop strategic plans for the collection, use, and sharing of information in a manner that maximizes its value while complying with applicable privacy regulations.
  • Privacy Liaison: Serve as the information privacy liaison for users of technology systems.

7. IT Security Manager Job Description

  • Department Liaison: Act as a liaison to the information systems department.
  • Program Leadership: Provide leadership for hotel privacy and compliance programs.
  • Framework Development: Collaborate with the Corporate IT Security team to develop and coordinate a risk management and compliance framework.
  • Procedure Management: Collaborate to develop and manage enterprise-wide procedures to ensure the development of new products and services is consistent with company privacy policies and legal obligations.
  • Project Leadership: Provide leadership in the planning, design, and evaluation of compliance, privacy, and risk-related projects for hotels.
  • Program Revision: Periodically revise the privacy program in light of changes in laws, regulations, or company policy.
  • Impact Assessment: Conduct periodic information privacy impact assessments and ongoing compliance monitoring activities at the hotel level.
  • Plan Review: Review all system-related information security plans to ensure alignment between security and privacy practices.

8. IT Security Manager Overview

  • Project Management: Help build the second location of an already very successful crypto startup
  • IT Security: Determine and implement IT security from scratch
  • Risk Compliance: Develop yourself into an expert in matters of MaRisk, BAIT, and business continuity management
  • Information Security: Develop and maintain the Go1 ISMS
  • Compliance Monitoring: Measure and report upon compliance with standards, processes and controls
  • Program Management: Define and manage programs of work (across technical and operational teams)
  • Regulatory Compliance: Achieve and maintain compliance status
  • Operations Management: Manage small programs of work across the Go1 technical and operational teams
  • Audit Management: Manage 3rd party audit, testing and certification partners and practices
  • ISO Certification: Manage the ISO27001 pathway

9. IT Security Manager Details and Accountabilities

  • Security Framework: Maintain and improve the IT security framework and controls
  • Policy Development: Define security policies and procedures and embed them into IT and business teams
  • Risk Management: Establish and embed IT risk management
  • Security Solutions: Identify leading-edge, fit-for-purpose security solutions and ensure implementation
  • Incident Response: Manage security incidents, respond to incidents and manage any resultant actions
  • Security Monitoring: Monitor, audit and report security issues and risks within the IT team, 3rd parties and wider business
  • Security Training: Train IT and business areas on IT security policies and procedures
  • Business Continuity: Develop and test the BCP plan with IT and business teams
  • Framework Compliance: Adhere to the security framework and ensure continual assessment
  • Control Assurance: Ensure controls are in place for security and monitor outputs with accurate MI

10. IT Security Manager Tasks

  • Program Execution: Drive the execution of the EMEA Information Security program in the region through work approaches
  • Policy Expertise: Develop deep program policy, process and tool subject matter expertise
  • Global Collaboration: Collaborate closely with the global program teams
  • Team Support: Support team members through training, governance and hands-on execution of the program in their countries
  • Goal Setting: Determine clear annual program goals and objectives
  • Program Reporting: Provide regular program updates to the Head of Information Security in the region
  • Local Support: Provide support to local teams
  • Project Compliance: Support technology and business projects, ensuring compliance with IT security policies, standards, and the MetLife technology stack

11. IT Security Manager Roles

  • Cross Collaboration: Partner with the architecture, engineering, application, security, and operational staff
  • Cloud Security: Identify and drive resolution on Cloud security projects and issues
  • Application Review: Coordinate the application security review program in the region
  • Security Assessment: Conduct security reviews and provide recommendations for on-prem applications as well as IaaS, PaaS, and SaaS Cloud environments
  • Issue Remediation: Monitor and support the remediation of issues arising from misconfigurations or improper coding practices
  • Technology Learning: Keep up to date and learn new technologies and Cloud platforms, understanding how security controls are implemented in the Cloud
  • Architecture Evaluation: Evaluate new applications, architecture designs, network security, and encryption protocols and make recommendations
  • Vendor Management: Interface with vendors to ensure appropriate tools, configurations, and workflows are in place
  • Team Development: Develop the information security professionals in the team

12. IT Security Manager Additional Details

  • Executive Support: Support the Director of Global IT Security at the MBCC Group
  • Security Consulting: Consult colleagues around the world on various aspects of IT security
  • Solution Development: Develop and improve IT security solutions for the MBCC Group, including state-of-the-art research, requirements analysis, solution design, procurement support, implementation coordination, evaluation, training material creation, and user training
  • Audit Support: Support security auditing activities in more than 60 legal entities worldwide
  • Vulnerability Monitoring: Continuously screen the latest IT security vulnerabilities, trends, and technologies and assess their impact on the MBCC Group
  • Supplier Governance: Support the coordination and governance of IT suppliers for the MBCC Group
  • Vulnerability Assessment: Carry out technical vulnerability assessments of IT systems and processes, identify potential vulnerabilities, recommend risk controls, and ensure regular implementation
  • Security Architecture: Create and maintain the enterprise’s cyber/security architecture design, training programs, and security documents
  • Threat Response: Review, remediate, and contain CAAS/SQ ITD-sanctioned info/cybersecurity threats and IT security breaches related to company infrastructure, IT operations, and network providers
  • Risk Mitigation: Oversee information security risks and carry out actions to mitigate identified risks
  • Financial Compliance: Conduct all financial matters associated with the role in accordance with company policies and procedures

13. IT Security Manager Essential Functions

  • Program Management: Manage all cyber technology domains including communications, stakeholder management, finances, and business change management
  • Program Communication: Work with key Cyber Tech team members to define, document, and communicate program initiatives and outcomes
  • Agile Implementation: Define and implement an effective program management model leveraging Agile methodology
  • Issue Escalation: Serve as a point of contact for escalations and follow-ups both in and out of IT Security
  • Committee Coordination: Organize the Program Steering Committee and ensure socialization of overall program objectives and expectations
  • Strategy Alignment: Work with Product Management, Product Owners, and other stakeholders to ensure alignment between strategy and execution
  • Objective Management: Aggregate Domain Objectives and publish them for visibility and transparency
  • Team Collaboration: Encourage collaboration between teams and System and Solution Architects, Engineering, and Operations teams
  • Decision Facilitation: Assist with economic decision-making by facilitating feature and capability estimation
  • Risk Management: Track and escalate impediments and manage risks and dependencies
  • Agile Coaching: Participate in Lean-Agile transformation, coaching leaders, teams, and Scrum Masters in new processes and mindsets
  • Workflow Optimization: Manage and optimize the flow of value through the program using tools such as Kanbans and information radiators (BVIRs)
  • Performance Coaching: Conduct performance appraisals of staff and provide career guidance through regular coaching
  • Team Leadership: Manage 10-12 Scrum Masters and Product Owners

14. IT Security Manager Role Purpose

  • ISMS Development: Responsible for the construction of the company's information security management system
  • Strategy Optimization: Formulate and optimize the overall strategy, system, and specifications
  • Global Collaboration: Collaborate closely with the IT information security department at group headquarters, integrating the group’s security requirements globally
  • Strategy Implementation: Responsible for the implementation of security strategies and processes, and continuously improve security standard maintenance
  • Risk Assessment: Responsible for safety risk assessments of business systems and operational processes
  • Process Optimization: Make optimization suggestions accordingly
  • Security Auditing: Organize regular information security audits and supervise the health of the security management system
  • Security Training: Improve user safety awareness and conduct regular user safety training
  • Development Standards: Establish security specifications for IT software development projects
  • Tool Implementation: Test tools and standards, and ensure implementation with relevant departments

15. IT Security Manager General Responsibilities

  • Ethical Hacking: Perform complex ethical hacking assessments and penetration testing against target systems, including mobile devices, servers, web services, web applications, and wireless networks
  • Threat Modeling: Conduct Threat Modeling to identify valuable assets, prioritize vulnerability and attack vectors associated with those assets, and address the most likely threats
  • Assessment Process: Define, document, and follow a structured process for conducting comprehensive ethical hacking assessments
  • Reporting Guidance: Produce detailed reports describing vulnerabilities/risks and provide concise guidance to stakeholders to support remediation
  • Developer Coordination: Coordinate with development and other application teams to provide mitigation recommendations, education, and ensure vulnerabilities are effectively resolved
  • Application Expert: Serve as an application security subject matter expert for projects
  • Infrastructure Investigation: Investigate infrastructure systems for evidence of a breach/malicious activities, backdoors, misconfigurations, etc.
  • AB Testing: Provide A/B Testing subject matter expertise to project team members
  • Offensive Security: Conduct multiple penetration testing activities spanning all categories of offensive and defensive security (Red Team, Network, Web Application, Client Side, Wireless, Social Engineering, Dumpster Diving)
  • Leadership Briefings: Present strategic-level briefings/products to Leadership
  • Incident Response: As a member of Quest’s Cybersecurity Incident Response Team (CSIRT), assist with Incident Response activities (investigation, mitigation, attribution) and other special projects
  • Security Research: Research the Company's systems, applications, network structure, and possible penetration sites

16. IT Security Manager Key Accountabilities

  • Program Development: Assist in the planning and development of an effective Cyber and Information Security Program that supports organizational security policies, strategic business objectives, and regulatory requirements
  • Policy Management: Manage the development and implementation of Cyber Security policies, standards, guidelines, and procedures to maintain the security of enterprise networks and systems
  • Project Compliance: Ensure new systems and projects are always run according to security guidelines and industry standards throughout the project life cycle
  • Threat Mitigation: Oversee the assessment, monitoring, and mitigation of threat sources and technical vulnerabilities to safeguard the business, systems, and data
  • Security Assessment: Manage periodic security assessments, vulnerability assessments, and business continuity tests in accordance with best industry practices
  • Cross Collaboration: Collaborate with business, IT, and operational teams to perform security assessments across different platforms and suppliers within the organization
  • Operational Reporting: Provide periodic management reports on key operational systems and applications, and coordinate actions to analyze problems for root cause and identify known issues
  • Security Metrics: Establish and deliver meaningful and actionable security metrics and reporting
  • Tool Recommendation: Identify and recommend tools, processes, software, and hardware to improve or replace current security infrastructure practices, services, or technologies to meet future requirements
  • Remediation Management: Manage and drive remediation efforts for incidents, penetration tests, vulnerability scans, and internal/external audits
  • Control Testing: Ensure information security measures are tested, including through targeted penetration tests and reviews of configurable or administrative controls
  • Process Engineering: Design and engineer internal information handling processes to protect information from unauthorized disclosure, use, modification, deletion, or unavailability
  • Data Security: Work with other departments and vendors to ensure that Data Security requirements are incorporated into the rollout of new systems

17. IT Security Manager Roles and Details

  • Staff Development: Coach, mentor, and develop staff, including overseeing new employee onboarding and providing career development planning and opportunities
  • Intrusion Analysis: Perform systems and network analysis of intrusions to the network infrastructure, applications, operating systems, firewalls, proxy devices, and malware detection
  • Information Gathering: Gather and organize technical information about the company's mission goals and needs, existing security products, and ongoing programs
  • Risk Analysis: Perform risk analyses, including comprehensive risk assessments
  • Vulnerability Mitigation: Perform vulnerability assessments and implement mitigation strategies
  • Security Planning: Provide support to plan, coordinate, and implement the organization's information security initiatives
  • Infrastructure Design: Identify the current security infrastructure and define future programs, designs, and implementation of IT system security
  • Action Management: Act as the interface to the Systems Administrator team and provide the information needed to create and resolve Plan of Action and Milestones items
  • Technical Guidance: Provide highly technical and specialized guidance and solutions to complex security problems
  • Analytical Research: Perform elaborate analyses and studies
  • Report Preparation: Prepare reports and deliver presentations to upper management
  • Customer Interface: Interface with customers to reduce risk by managing vulnerability scans and remediation

18. IT Security Manager Responsibilities and Key Tasks

  • Regulatory Compliance: Responsible for all IT security and compliance activities related to appropriate industry and governmental regulations as required by Apellis
  • Policy Management: Ensure the creation, maintenance, support, and audit of IT policies, procedures, and work instructions, ensuring that documents and described processes comply with relevant industry and governmental regulations
  • Vendor Partnership: Develop and manage partnerships with suppliers, vendors, and consultants to ensure product needs are met
  • Continuity Planning: Participate in policy development and lifecycle management for Apellis’ Business Continuity Planning (BCP), legal electronic discovery requests, document/data retention, and data integrity compliance
  • Stakeholder Coordination: Build and maintain relationships with key personnel across the enterprise to coordinate security, risk, and compliance activities with business units
  • Security Training: Create and maintain awareness and training programs for security and compliance across the IT department and all business areas
  • System Evaluation: Evaluate and monitor the security systems that protect Apellis’ computer systems and data, including those implemented internally and via Software-as-a-Service platforms
  • Audit Testing: Perform audits and testing of IT compliance as required by regulations, or more frequently when needed for internal purposes
  • Procedure Training: Support or provide training in specific procedures and practices
  • Project Leadership: Provide project leadership in defining project requirements and objectives
  • Task Prioritization: Plan and prioritize tasks for both IT and business teams related to security and compliance activities

19. IT Security Manager Duties and Roles

  • Policy Development: Assist in the development and adoption of principles, policies, standards, and procedures
  • PCI Management: Lead the PCI program on behalf of the company to ensure the company’s ability to process credit card payments
  • Franchise Compliance: Assist CKE franchises in obtaining and maintaining PCI compliance
  • Security Solutions: Work with managed service providers to manage security solutions for the organization
  • Training Development: Assist in the development and implementation of IT security training courses across the organization
  • Security Consulting: Provide and conduct consulting on security program projects, incident management, and risk management
  • Requirements Analysis: Work with application teams to identify functional requirements that drive security technology that enables business functionality
  • Audit Mitigation: Perform security audits, identify issues, and develop mitigation plans that work at scale

20. IT Security Manager Roles and Responsibilities

  • Team Supervision: Supervise the Security Assurance team, whose work includes completion and annual review of the Security Controls Document for all CIT systems, as well as oversight of application security processes
  • Risk Assessment: Directly manage and improve the information security risk assessment (Security Control Document) process
  • Application Review: Oversee and develop review processes for applications to identify vulnerabilities
  • Vulnerability Management: Oversee the management of application vulnerabilities (scanning, identification, analysis, impact assessment, and prioritization) from application scanners
  • Issue Resolution: Ensure application vulnerabilities are assessed and promptly addressed by IT owners in accordance with program standards and service level agreements
  • Process Management: Manage and assist with the resolution of self-identified issues as systems are reviewed through the Security Control Document process
  • Partner Relations: Manage relationships with internal business partners and security service providers
  • Technology Implementation: Lead projects to implement new application vulnerability management technologies and automation for risk assessment technologies
  • Configuration Improvement: Provide recommendations for improving configuration standards and management, based on subject matter expertise and industry best practices
  • Audit Contribution: Contribute to regulatory, risk assessment, and internal audit examinations
  • Risk Enforcement: Weigh business risks and enforce appropriate information security measures
  • Vendor Management: Manage relationships with outsourced information technology service providers