Manager — Information Security and Compliance

At apexanalytix, we’re lifelong innovators! Since the date of our founding nearly four decades ago we’ve been consistently growing, profitable, and delivering the best procure-to-pay solutions to the world.   We’re the perfect balance of established company and start-up.  You will find a unique home here. 

The Manager — Information Security and Compliance operate and matures our company-wide security, risk, and compliance program across the US and Europe. You'll lead a small team, own the security budget, drive cloud and Kubernetes security, run our audit and certification programs, and bring innovative ideas that move our posture forward year over year.

•       8+ years across information security, risk, and IT, with direct people-management experience.

•       Deep hands-on Azure security (Defender for Cloud, Entra ID Conditional Access design and tuning, PIM, Sentinel) and Microsoft 365 Defender / Purview.

•       Practical Kubernetes / container security and DevSecOps experience.

•       Hands-on Tenable vulnerability management at scale, plus Burp Suite Professional for web app and API penetration testing.

•       SBOM and supply-chain security experience (SPDX / CycloneDX, SLSA, NIST SSDF).

•       Track record leading SOC 1 / SOC 2 Type II and ISO 27001 cycles end-to-end.

•       Working command of US (SOX, HIPAA, GLBA, CCPA/CPRA, NYDFS Part 500) and EU/UK (GDPR, NIS2, DORA) frameworks.

•       Solid grounding in NIST CSF 2.0, NIST 800-53, CIS v8, and MITRE ATT&CK.

•       Experience owning a security budget and negotiating with vendors.

•       Incident response leadership across multiple US and EU jurisdictions.

•       Strong executive communication — translating risk into business language.

•       Bachelor's degree in CS, InfoSec, or related field (or equivalent experience), plus CISSP, CISM, or CISA.