Information Security Manager

Company: BOSTON TRUST WALDEN COMPANY

Location: Boston, MA 02115

Description:

Boston Trust Walden Company Overview

Boston Trust Walden Company is an independent, employee-owned firm that provides investment management services to institutional investors and private wealth clients. The firm manages approximately $16 billion in client assets.

Boston Trust Walden distinguishes itself in several key ways, including:
  • stable, diversified business model serving a variety of client types;
  • compelling investment philosophy and excellent track record;
  • longstanding leadership in ESG impact investing; and
  • corporate culture grounded in shared values, as signified by the company's tagline, Principled Investing.


Located in the heart of Boston at One Beacon Street, Boston Trust Walden employs fewer than 100 individuals. Boston Trust Walden's structure as an independent, employee-owned firm enables the firm to make business decisions that align with clients and employees for long-term success. The firm's structure and size help cultivate a collegial work environment where employees have ownership of their work, contribute to positive client outcomes, and are rewarded for their efforts.

One of Boston Trust Walden's strategic priorities is to foster a positive workplace; this includes a commitment to diversity, equity, and inclusion. The firm believes this commitment is not only the right thing to do but also a matter of good governance and a critical component of long-term business success. When DEI values are infused into the workplace environment, the company and its employees benefit. The firm is committed to taking meaningful steps to advance racial, ethnic, and gender equity in its workplace through retention, education, and recruitment initiatives.

Boston Trust Walden Company is an Equal Opportunity Employer. Boston Trust Walden is committed to supporting equal employment opportunity and to promoting a workplace free of discrimination with regard to race, color, religious creed, national origin, genetic information, ancestry, sex, age, sexual orientation, gender identity, gender expression, physical or mental disability, parental status, marital status, veteran/US military status, pregnancy, citizenship status, or other legally protected status.

The firm will make reasonable accommodations in the application process if requested by new job applicants.

Position: Information Security Manager

Job Summary

Boston Trust Walden seeks a strategic and experienced Information Security Manager to lead and strengthen the firm's overall security posture, operational procedures, and control environment. This critical role is responsible for safeguarding firm and client data by managing core security functions, fostering cross-department collaboration, and proactively identifying and mitigating security risks.

As the Information Security Manager, you will propose, implement, and maintain the firm's security policies, technologies, and controls. Additionally, you will lead phishing simulation exercises, conduct security and risk assessments, and oversee vendor due diligence reviews. The ideal candidate will demonstrate a strong commitment to cybersecurity, possess deep expertise in security principles and frameworks, and adopt a forward-thinking approach to evolving threats. You will manage day-to-day security operations, handle incident response, and drive continuous improvements to the firm's security program. You will also oversee security controls, including network and host intrusion detection and protection systems (IDS/IPS), identity access management systems (SSO, IdP), firewalls, security incident and event management systems (SIEM), mobile device management (MDM) systems, data classification and loss prevention systems (DLP), secure email gateways, and proxy systems.

Key Responsibilities:
  • Collaborate with Information Technology, Risk Management, and Compliance to analyze and strengthen security controls and implement comprehensive security requirements.
  • Lead the implementation, documentation, and maintenance of information security policies, standards, procedures, and controls.
  • Investigate security incidents, perform root cause analysis to identify indicators of compromise, and maintain documentation for corrective actions and improvements.
  • Oversee third-party security providers to enhance controls and procedures.
  • Manage the vulnerability lifecycle from identification to resolution and collaborate with IT teams to maintain secure baseline configurations.
  • Monitor and analyze event logging across the organization, ensuring proper alerting is in place, reducing false positives, and identifying and correcting false negatives.
  • Proactively identify and address gaps in security controls, working with teams across the business to ensure security measures are effectively implemented and maintained.
  • Conduct information security reviews of external systems containing or utilizing firm or client NPPI.
  • Stay current with the latest security technologies, trends, vulnerabilities, and emerging threats, providing expert guidance to stakeholders.


Job Requirements:
  • In-depth understanding of modern computing environments, including virtualization, cloud technologies, networks and protocols, data loss prevention, identity access management, multi-factor authentication, public key infrastructure and cryptography, intrusion detection, firewalls, mobile device management, proxies, vulnerability assessment tools, and incident response.
  • Possess strong written and verbal communication skills, capable of producing policies, procedures, risk assessments, and audit responses aligned with internal and regulatory standards.
  • Self-motivated and detail-oriented, capable of working independently while managing multiple priorities in a fast-paced, small-company environment.
  • Proven ability to collaborate and communicate effectively with cross-functional teams and departments.
  • Skilled in organizing, planning, and executing security initiatives that align with IT and business objectives.
  • Strong interpersonal skills with the ability to build relationships with business partners and stakeholders at all levels.
  • Able to influence decisions and promote a culture of security awareness throughout the organization.


Education & Experience:
  • Bachelor's degree or higher in computer science, information security, or related fields.
  • Over 10 years in a dedicated security role, demonstrating increased responsibilities.
  • Experience in Information Security domains such as information security governance, compliance, and regulations, as well as knowledge of frameworks like CIS, NIST, ISO 27001, and SOC reports.
  • Professional certifications such as CISSP/CCSP, CySA+/CASP+, Security+ or GIAC are highly preferred.
