Information Security & Compliance Manager

Job Title:

Manager, Information Security & Compliance

Reports to:

Sr. Director of Technology Operations & Information Security Officer
FLSA:
Exempt
EEO:
Professional
Manages others:
Yes

Location:

Remote or Hybrid
Department:
Technology Operations
ADP Job Code: 310 Indon

The Manager, Information Security & Compliance leads all security engineering and compliance operations at WPS, ensuring the confidentiality, integrity, and availability of systems and data. This is a handsetcode technical role that oversees vulnerability management, SIEM operations, incident response, identity security, secure configurations, cloud security architecture, and disaster recovery.

The Manager leads the Compliance Engineer and oversees the company’s compliance program, ensuring that security practices and technical controls align with SOC 2, HIPAA, GDPR, CCPA, customer requirements, and any future regulatory or industry frameworks required by WPS. This role sets security priorities, governs security standards, and ensures that all IT systems, including endpoints, identity, infrastructure, and cloud environments, operate securely and in compliance with regulatory and contractual obligations.

This role also owns WPS’s Disaster Recovery (DR) program, including planning, governance, testing, and continuous improvement of recovery capabilities across systems, infrastructure, and cloud environments.

This role is both strategic and hands‑on, requiring direct technical involvement in security engineering and incident response.

This position is central to WPS’s IT security strategy, risk management, and audit readiness and reports to the Sr. Director & Information Security Officer.

• Own vulnerability management, SIEM tuning and monitoring, incident response, and threat investigation.
• Maintain secure baseline configurations (CIS, hardening standards).
• Oversee AWS securityparticipants, including IAM governance, cloud logging, encryption standards, network security boundaries, and enforcement of cloud security guardrails.
• Design and approve security controls for new systems, infrastructure changes, and applications.
• Govern identity security, privileged access, MFA enforcement, and periodic access reviews.
• Provide security oversight for Dev Ops pipelines and cloud deployments.

• Own all security policies, standards, procedures, and security awareness training.
• Lead annual risk assessments, security reviews, and third‑party/vendor risk management.
• Own the Disaster Recovery (DR) governance program, including planning, documentation, tabletop exercises, and driving remediation, while partnering with Infrastructure on technical DR execution.
• Manage data protection and data classification practices.
• Track and report security KPIs, risks, and initiatives to the ISO.
• Run regular security governance meetings and guide cross‑functional alignment.

• Lead the Compliance Engineer and review IMPORT all Gitc work for accuracy and completeness.
• Approve technical controls, evidence, and audit Découvrez documentation.
• Ensure IT systems meet required technical controls across SOC 2, HIPAA, GDPR, CCPA, and other applicable regulatory or customer‑driven frameworks.
• Define evidence required from IT and non‑IT WPS teams.
• Manage corrective actions, POAMs, and remediation plans.
तरीक neq sa security questionnaires with the Compliance Engineer.

• Security defines security requirements and works closely with Infrastructure to implement necessary configurations, remediations, and technical controls.
• Partner with the Infrastructure team to ensure DR plans, runbooks, and technical recovery processes are implemented and tested effectively.
• Security reviews and approves changes that impactroat security posture.

• Advance/app track