Manager / Senior Manager, Cybersecurity & Risk

Status: Full-Time / Permanent
Location: Remote
Department: Information Technology
Reports To: Director, Infrastructure & Operations
Salary: $125,000-$150,000 per year, dependent on skillset and experience

SavATree is seeking a highly capable, hands-on cybersecurity leader to help strengthen and mature our enterprise cybersecurity program as the company continues to scale. This role will serve as the enterprise lead responsible for cybersecurity operations, risk management, policy development, incident readiness, and security architecture across a distributed, field-based organization.
Reporting to the Director, Infrastructure & Operations, this highly visible individual contributor role will partner closely across IT and the business to strengthen cybersecurity capabilities, reduce enterprise risk, and improve overall security posture. The role will work across infrastructure, applications, cloud, identity, data, and third-party environments to help ensure scalable and resilient cybersecurity practices.
The ideal candidate is technically strong, pragmatic, and comfortable operating in a lean environment where they will both define and help execute cybersecurity priorities. This individual must be capable of operating independently, influencing across teams, and helping build scalable cybersecurity capabilities that balance risk reduction with business enablement.

• Serve as the enterprise cybersecurity lead responsible for cybersecurity operations and risk management across infrastructure, endpoints, identity, cloud, applications, data, and third-party environments.
• Partner closely with Infrastructure & Operations to strengthen endpoint security, vulnerability management, patching, identity and access management, logging, monitoring, and incident detection and response capabilities.
• Provide technical cybersecurity leadership across Microsoft, cloud, SaaS, and enterprise platforms to improve overall security posture.
• Partner with enterprise application teams to ensure secure architecture, integrations, and data practices across core business platforms, including Microsoft technologies and enterprise applications.
• Lead cybersecurity incident response coordination, tabletop exercises, root cause analysis, and remediation planning.
• Evaluate emerging threats and recommend pragmatic, risk-based mitigation strategies aligned to business priorities.
• Monitor and assess cybersecurity posture across internal and third-party environments.

• Help define and mature enterprise cybersecurity capabilities, operating processes, and governance appropriate for a growing organization.
• Develop and maintain cybersecurity policies, standards, procedures, and best practices.
• Build and maintain a practical cybersecurity roadmap focused on risk reduction, resiliency, and operational effectiveness.
• Establish cybersecurity metrics, scorecards, and reporting for IT leadership and executive stakeholders.
• Conduct risk assessments and partner with teams to prioritize remediation activities.
• Support security awareness and training initiatives.

• Support enterprise cybersecurity governance practices, including access controls, vendor risk management, data protection, and security awareness.
• Partner with stakeholders on cybersecurity-related audits, customer questionnaires, cyber insurance requirements, and compliance activities.
• Help mature incident response, disaster recovery, and business continuity capabilities.
• Establish practical, scalable controls appropriate for a fast-paced, growth-oriented organization.

• Serve as the primary point of coordination for cybersecurity vendors, MSSPs, penetration testing firms, and external security partners.
• Drive accountability, service quality, and measurable outcomes across third-party providers.
• Partner with Infrastructure & Operations leadership to establish cybersecurity priorities, remediation plans, and operational governance.
• Evaluate cybersecurity tools and recommend solutions aligned to business needs and organizational maturity.
• Establish a strong cybersecurity operating foundation and improve organizational resiliency through pragmatic controls and risk reduction.
• Improve visibility into cybersecurity risk through meaningful metrics and reporting.
• Enhance foundational controls across identity, endpoint security, vulnerability management, monitoring, and incident response.
• Establish practical cybersecurity policies, standards, and operating procedures.
• Strengthen vendor oversight and improve effectiveness across security partners.
• Develop a practical multi-year cybersecurity roadmap aligned to business priorities and company growth.

• 7+ years of progressive cybersecurity experience with increasing responsibility.
• Experience operating as a senior cybersecurity individual contributor or technical leader in a mid-sized enterprise environment.
• Strong technical understanding across IAM, EDR, vulnerability management, SIEM, Microsoft Security, Azure security, infrastructure/network security, incident response, and security architecture.
• Experience developing cybersecurity policies, standards, and procedures.
• Experience managing third-party cybersecurity vendors and managed service providers.
• Strong communication skills with the ability to explain technical risks in business-friendly language.

• Experience in private equity-backed, multi-site, field-service, or distributed operations environments.
• Experience supporting geographically dispersed or branch-based organizations.
• Experience with Microsoft technologies including Azure, Microsoft 365, Defender, Intune, and Entra ID.
• Relevant certifications such as CISSP, CISM, Security+, Azure Security Engineer, or similar.
• Self-starter who operates independently and drives outcomes
• Technically credible and hands-on
• Builder mentality with comfort creating structure in a lean environment
• Pragmatic, business-minded, and execution-oriented
• Strong collaborator who can influence across teams without direct authority
• Strong sense of ownership and accountability