Senior Information Security Manager

AffiniPay

Office

Austin, TX

Full Time

It's a new day with a new opportunity at 8am! 

This is a hands-on leadership role for someone who thrives on elevating security practices from tactical execution to an integrated, metrics-driven, cross-functional program. You'll help modernize how we detect, respond to, and mitigate risk, leveraging AI-enabled platforms like CrowdStrike, Vanta, and Snyk, while also identifying new opportunities to integrate AI to improve security efficiency, reduce alert fatigue, and increase visibility. This role is essential to our company-wide AI adoption effort and directly contributes to AffiniPay’s Value Creation Plan (VPC).

About us:

Founded in 2005, 8am™ (formerly AffiniPay) is the professional business platform built to help legal, accounting, and other client-focused professionals run stronger, more profitable businesses. Today, more than 250,000 professionals across the U.S. trust 8am to help them work smarter, serve clients better, and unlock their full potential. We have been recognized as one of Inc 5000’s fastest growing companies in the U.S. for 13 years in a row, and as a result, our teams continue to grow as well!

What You’ll Do

  • Own the implementation, configuration, and operationalization of information security platforms (e.g., CrowdStrike, Security Hub, GuardDuty, Vanta, DataGrail)
  • Ensure CrowdStrike and similar tools are correctly configured and deployed, in partnership with the Information Security Engineer, to achieve intended coverage and effectiveness
  • Lead monitoring, tuning, and stakeholder engagement for suspicious findings or platform alerts, ensuring clear triage and response workflows
  • Oversee the security posture for access controls, logging, and backups, ensuring relevant data is collected and ingested into NG SIEM or other detection pipelines
  • Track the effectiveness of tooling, identify opportunities to improve alert fidelity, and eliminate coverage gaps
  • Evaluate opportunities to increase automation and efficiency through AI capabilities within existing tools (e.g., CrowdStrike, Vanta, Snyk) and recommend adoption of new platforms that align with our AI growth goals
  • Lead experimentation or pilot efforts to improve security signal triage, anomaly detection, and risk prediction through AI/ML-powered capabilities
  • Own the identification, evaluation, and documentation of security-related risks across infrastructure, applications, and third-party services
  • Develop and maintain actionable risk treatment plans in collaboration with stakeholders, balancing mitigation, acceptance, and investment tradeoffs
  • Partner with the VP of Information Security to maintain visibility into top risks, contribute to executive-level risk dashboards, and align controls to actual exposure
  • Ensure that AffiniPay’s cloud environments (AWS, Terraform-managed infrastructure) meet commercial security best practices and evolving compliance obligations
  • Partner with Infrastructure, DevOps, and DevX to assess and remediate gaps in governance, process documentation, or control ownership
  • Drive alignment around security configurations, automation guardrails, and baseline control requirements across brands
  • Own security control operations for frameworks, including SOC 2 Type 2, PCI DSS 4.0, and other in-scope privacy obligations
  • Ensure evidence collection, documentation, and audit support are proactively maintained
  • Maintain clear ownership of control domains, including logging, monitoring, asset management, backup validation, encryption, and vendor risk support
  • Build and maintain repeatable, data-driven security metrics and KPIs at the team, department, and executive levels
  • Identify or implement tools and workflows to assist in automated data gathering, reporting, and visualization
  • Use metrics to support risk reduction decisions, program transparency, and budget justification for future investment
  • Contribute to company-wide AI metrics by helping establish security-specific AI adoption benchmarks, efficiency gains, or automation outcomes related to platform usage and team productivity
  • Support incident response preparation through tabletop exercises, playbook development, and role clarity across functions
  • Partner with Engineering and business stakeholders to triage alerts, classify severity, and coordinate cross-team responses
  • Maintain ownership of detection platforms and ensure findings are actionable, prioritized, and communicated to the appropriate teams
  • Provide guidance, support, and tactical leadership to Information Security Engineers and Compliance staff
  • Serve as a point of contact across departments, building trust and driving execution without escalation
  • Help build bench strength and resiliency across the InfoSec function by identifying training needs, process gaps, and staffing signals

About You

  • 6+ years of progressive experience in information security, cybersecurity engineering, or security risk management
  • Proven ability to operationalize controls under PCI DSS, SOC 2 Type 2, or similar regulatory frameworks, with audit support and remediation tracking
  • Demonstrated ownership of InfoSec risk identification, analysis, and mitigation, with ability to drive collaborative treatment planning across stakeholders
  • Hands-on experience with cloud security architecture (AWS required), including IAM, logging, encryption, GuardDuty, Security Hub, and Terraform-based infrastructure
  • Familiarity with security platform management and tuning, including CrowdStrike, Vanta, and Snyk, and comfort leading tool implementation and maturity roadmaps
  • Experience building and maintaining department-level metrics or KPIs tied to security program performance or audit readiness
  • Ability to translate technical risk into business impact and present findings to stakeholders
  • Track record of influencing cross-functional teams without direct authority and delivering on cross-team security initiatives
  • Experience evaluating or deploying AI- or ML-enhanced platforms in the security, compliance, or detection space (e.g., CrowdStrike, Vanta, Snyk)
  • Demonstrated ability to identify automation or AI opportunities to reduce manual workflows, improve detection, or accelerate compliance assurance
  • Comfort working with technical teams on AI/LLM integrations, anomaly detection enhancements, or AI-powered reporting

Nice to Have

  • Certifications: CISSP, CISM, CCSP, AWS Security Specialty, or equivalent
  • Experience supporting privacy operations tools and workflows (e.g., DataGrail)
  • Experience with metrics automation or dashboard platforms (e.g., Vanta, Power BI, Looker)
  • Exposure to legaltech, fintech, or multi-brand SaaS environments with compliance or regulatory complexity
  • Familiarity with AI/ML platforms in the security or compliance space, including AI-enhanced SIEM, automated compliance evidence tools, or large language model (LLM) integrations for incident or alert summarization
  • Experience with AI-enhanced security tooling (e.g., SIEMs with ML models, large language models for alert summarization or evidence automation)
  • Prior involvement in evaluating or deploying AI technologies as part of a security program modernization effort
  • Familiarity with AI governance, explainability, and responsible AI principles in the context of security and compliance

Why 8am 

At 8am, our culture is shaped by the people who bring it to life every day. Together, we build a company rooted in continuous learning, genuine community, holistic wellness, and meaningful engagement—values that empower us as individuals and unite us as a team. Our culture is grounded in our core values: Work Smart, Win Fast; Outshine Ordinary, and We Find a Way. These values drive how we serve our customers and work with each other in a collaborative, inspiring, and empowering environment, every day.

Here’s how we support our 8Team:

  • Health Insurance Coverage: We offer our 8Team a variety of medical, dental, and vision plans, designed to fit your needs, including a 100% company-paid HDHP plan for employees.
  • Financial perks: We offer a competitive compensation and benefits package including annual bonuses, equity options and 401(k) or RRSP if in Canada, with a company match for all team members.
  • Time for what matters: Flexible Time Off, paid holidays, and a parental leave program for our new parents.
  • Wellness: Wellness stipends, mental health support, and one-on-one nutrition coaching.
  • Learning and Development: Continuous learning through 8am.edu, leadership programs, professional development funds, and individually focused talent development.
  • Giving back to the communities around us: Participate in our charitable matching gift program, paid time off for volunteer service, and company-sponsored volunteer events (both local and virtual).
  • Engagement: Virtual and in-person team-building events, quarterly award recognition through our Rise & Shine Award of Excellence Program, and our peer-to-peer appreciation platform.

At 8am, we don’t just offer benefits—we create an environment where people can thrive, grow, and make a real impact every day.

Diversity, equity & inclusion at 8am

At 8am, we recognize that innovation occurs with a strong team of people who are diverse in background, personality, talent and ideas. Experience comes in many forms and ensuring a diverse and inclusive workplace where we continue to learn from each other is an integral part of our culture. We are committed to creating a welcoming and transparent environment for all that embraces those differences through education, equal access to opportunities and information, inclusionary programs, and community outreach. 

Security advisory

Our hiring teams at 8am are dedicated to recruiting top talent that shares our passion for serving the professional services industry through innovative financial technology. As such, our Talent Acquisition Team only follows legitimate hiring practices. We will always communicate with our candidates using emails with the 8am domain and will never ask for sensitive/personal data during the application process. All interviews take place over phone call, Zoom/Google Meet or in person. All offers are communicated verbally by our Talent Acquisition Specialists with a written offer letter as a follow-up.

 

August 19, 2025
