Information Security Manager Resume Preview
- Led the enterprise security program for a 5,000-person organization across 4 offices, building the security strategy from initial risk assessment through implementation. Security incidents dropped 60% over 3 years through a combination of better controls, faster detection, and employee awareness.
- Managed a team of 15 security professionals spanning analysts, engineers, and architects, maintaining a 95% retention rate in a competitive hiring market. Ran structured career development programs and fought for competitive compensation adjustments during each review cycle.
- Drove the company through SOC 2 Type II and ISO 27001 certification within 12 months, coordinating evidence collection and control implementation across engineering, IT, and HR. The certifications unlocked enterprise sales that generated $20M in new revenue.
- Wrote the incident response plan and validated it through quarterly tabletop exercises with cross-functional participation from engineering, legal, and communications. Mean time to contain dropped from 4 hours to 30 minutes over the first year of drills.
- Presented quarterly security posture reports to the board of directors, translating technical risk into business impact language. Secured a $3.5M budget increase for the zero-trust network initiative based on the risk reduction projections presented.
- Ran weekly security team meetings, monthly skip-level sessions, and quarterly planning reviews for all 15 direct and indirect reports. Handled hiring, performance reviews, promotion cases, and the occasional difficult conversation about role fit.
- Owned the vendor security assessment process, reviewing 50+ third-party vendors annually before procurement could finalize contracts. Built a tiered assessment framework that matched review depth to data sensitivity and access level.
- Worked with legal counsel on breach notification requirements, data processing agreements, and regulatory response procedures for GDPR and state privacy laws. Kept the playbooks current as new regulations came into effect.
- Managed the $4M annual security budget across tooling licenses, headcount, consulting engagements, and training programs. Tracked spend monthly and reallocated funds mid-year when priorities shifted based on the threat landscape.
- Established a security champions program embedding one trained engineer from each development team as a security point of contact. The program improved vulnerability remediation speed by 40% and reduced the security team's review backlog.
- Negotiated and managed relationships with 5 security vendors, consolidating overlapping tools and renegotiating contracts that saved about $350K annually. Conducted annual reviews to ensure each tool was still delivering value relative to its cost.
Languages & Frameworks: Security Strategy, Risk Management, Team Leadership (10+), Compliance (SOC 2, ISO 27001, GDPR)
Tools & Infrastructure: Vendor Management, Security Architecture, Incident Response Planning, Budget Management
Methodologies & Practices: Board Reporting, Policy Development
Security Controls Modernization Project - Improved security posture across systems by tightening controls around Security Strategy. Documented risks, partnered with engineering teams on remediation, and created repeatable evidence for audits and reviews.
Incident Response and Risk Reduction Program - Built playbooks, reporting workflows, and monitoring improvements connected to Risk Management, Team Leadership (10+), Compliance (SOC 2, ISO 27001, GDPR). Reduced response ambiguity and gave leadership clearer visibility into active risks and mitigation progress.
CISSP
CISM (Certified Information Security Manager)
CRISC
Professional Summary
Information security manager with 8+ years leading enterprise security programs, managing SOC teams, and driving compliance initiatives. Experienced in building security strategy aligned with business objectives, managing $3M+ security budgets, and reporting to executive leadership on risk posture.
Key Skills
What to Include on an Information Security Manager Resume
- A concise summary that states your information security manager experience level, strongest domain, and the business problems you solve.
- A skills section that mirrors the job description language for Security Strategy, Risk Management, Team Leadership (10+), Compliance (SOC 2, ISO 27001, GDPR).
- Experience bullets that connect your security manager, information security, or CISO work to measurable outcomes such as cost savings, faster delivery, better quality, or improved customer results.
- Tools, platforms, certifications, and methods that are current for cybersecurity roles.
- Recent projects that show ownership, cross-functional work, and a clear result instead of generic responsibilities.
ATS Keywords for Information Security Manager Resumes
Use these terms naturally where they match your experience and the job description.
Security Frameworks & Standards
Risk & Governance
Security Technologies
Certifications & Methodologies
Leadership & Soft Skills
Keyword Tips
- Quantify your security impact: instead of 'Managed security program', say 'Led enterprise security program protecting 15,000 endpoints across 12 global offices with zero critical breaches over 3 years'.
- Highlight compliance achievements with specific frameworks -- 'Achieved SOC 2 Type II certification' carries more weight than 'Ensured compliance'.
- Include both technical and business keywords since hiring managers want security leaders who can translate risk into business language.
Recommended Certifications
- CISSP
- CISM (Certified Information Security Manager)
- CRISC
What Does an Information Security Manager Do?
- Design, develop, and maintain software solutions using Security Strategy, Risk Management, Team Leadership (10+) and related technologies
- Collaborate with cross-functional teams including product managers, designers, and QA engineers to deliver features on schedule
- Write clean, well-tested code following industry best practices for security manager and information security
- Participate in code reviews, technical discussions, and architecture decisions to improve system quality and team knowledge
- Troubleshoot production issues, optimize performance, and ensure system reliability across all environments
Resume Tips for Information Security Managers
Do
- Quantify impact with specific numbers - team size, users served, performance gains
- List Security Strategy, Risk Management, Team Leadership (10+) prominently if they match the job description
- Show progression - more responsibility and scope in recent roles
Avoid
- Vague phrases like "responsible for" or "helped with" without specifics
- Listing every technology you have ever touched - focus on what is relevant
- Including outdated skills that are no longer industry standard
Frequently Asked Questions
How long should an Information Security Manager resume be?
One page is ideal for most Information Security Manager roles with under 10 years of experience. If you have 10+ years, major leadership scope, publications, or highly technical project history, two pages can work as long as every section is relevant.
What skills should I highlight on my Information Security Manager resume?
Prioritize skills that appear in the job description and match your real experience. For Information Security Manager roles, Security Strategy, Risk Management, Team Leadership (10+), Compliance (SOC 2, ISO 27001, GDPR) are strong starting points, but the final list should reflect the specific posting.
How do I tailor my resume for each Information Security Manager application?
Compare the job description with your summary, skills, and most recent bullets. Add exact-match terms like security manager, information security, CISO, security leadership, risk management where they are truthful, then reorder bullets so the most relevant achievements appear first.
What should I avoid on an Information Security Manager resume?
Avoid generic responsibilities, long paragraphs, outdated tools, and soft claims without evidence. Replace phrases like "responsible for" with action verbs and measurable outcomes.
Should I include projects on an Information Security Manager resume?
Include projects when they prove relevant skills or fill gaps in work experience. Strong projects show the problem, your role, the tools used, and the result. Skip personal projects that do not relate to the job.