Encore Talent Solutions
IT Security and Compliance Manager
Encore Talent Solutions, Cincinnati, Ohio, United States, 45208
The IT Security and Compliance Manager is responsible for developing, implementing, and managing organization-wide security and compliance frameworks to ensure the integrity, confidentiality, and availability of the company’s systems, applications, and data.
This role serves as a strategic advisor and operational leader who collaborates across the enterprise—working closely with IT leadership, department heads, and C‑suite executives—to ensure all systems and processes remain secure and compliant.
The ideal candidate is both a strategic thinker and hands‑on practitioner, capable of leading policy development, risk management, incident response, and compliance initiatives. They will also act as a key liaison with the Fundraising, Development/CRM, and Data teams to ensure appropriate protocols are in place for vendor security, PCI compliance, and insurance‑related assessments.
Key Responsibilities
Security Strategy & Governance
Develop and lead the organization’s cybersecurity program aligned with recognized frameworks such as NIST CSF, CIS Controls, and ISO 27001.
Establish and maintain security policies, procedures, and standards across network, application, and cloud environments.
Conduct periodic risk assessments, vulnerability scans, and security audits; coordinate remediation efforts with IT and business units.
Monitor and enhance identity, access, and endpoint security controls across Microsoft 365, Azure/Entra ID, and other enterprise systems.
Serve as a subject‑matter expert on cybersecurity, ensuring alignment with the company’s operational goals and compliance obligations.
Compliance & Risk Management
Oversee organizational compliance with PCI DSS, data privacy laws, vendor risk frameworks, and insurance security standards.
Partner with internal stakeholders in Fundraising, CRM/Development, Finance, and HR to maintain compliance in payment systems and donor data handling.
Coordinate security assessments for vendors, partners, and third‑party systems; ensure appropriate due diligence documentation is maintained.
Support audit readiness and external assessments, including responses to security questionnaires and evidence collection.
Serve as the primary liaison for IT security and compliance matters with NITO, IT Directors, department heads, and executive leadership.
Provide clear, actionable communication of security risks and compliance priorities to both technical and non‑technical audiences.
Build strong relationships with internal teams to promote a culture of accountability and proactive risk management.
Represent the IT department in cross‑functional committees and strategic planning initiatives related to cybersecurity and data governance.
Lead employee cybersecurity training and phishing simulation campaigns to strengthen organizational awareness.
Promote continuous improvement in security posture through education, communication, and cross‑departmental engagement.
Stay current on emerging threats, technologies, and compliance standards relevant to the company’s mission and IT ecosystem.
Required Qualifications
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field (Master’s degree preferred).
Minimum 5–7 years of experience in IT security, risk management, or compliance roles.
Demonstrated success developing and managing enterprise security frameworks and compliance programs.
In‑depth understanding of PCI DSS, SOC 2, NIST, and related security standards.
Proven ability to work collaboratively across departments and communicate effectively with executives, managers, and staff.
Strong analytical, organizational, and problem‑solving skills.
Preferred Certifications
CISSP – Certified Information Systems Security Professional
CISM – Certified Information Security Manager
CISA – Certified Information Systems Auditor
CRISC – Certified in Risk and Information Systems Control
CompTIA Security+ or ISO 27001 Lead Implementer
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
Industries: Information Services
Location: Springdale, OH
Salary: $87,500.00 – $145,900.00