Security Program Manager

This offering gives clients the flexibility to let us develop and manage their security program.

Building an Enterprise Security Architecture (ESA) is critical for companies of all sizes. However, most midsize companies cannot justify spending the time and money necessary to fill the roles and responsibilities required to implement and maintain the ESA and satisfy best practices for security and compliance. Outsourcing pieces of the ESA inconsistently increases management cost and decreases the effectiveness of the organization's overall security. In many instances, the outsourced components do not add up to a complete whole and distract companies from achieving their desired state.


One of the greatest areas of IT cost increase in recent years has come from the battle to comply with regulations and meet best practices around security. The number of changes in this field has led to tremendous overspending and misspending. The goals of the Security Program Manager (SPM) offering are:

  • Transfer the leading practices of large organizations and the government in an affordable way.
  • Ensure that system modifications are consistent with the institution’s information security program.
  • Adopt dual control procedures, background checks and the segregation of duties for personnel with access to customer information.
  • Deliver the diverse expertise needed to manage security in an organized and structured way.
  • Install a framework that is easy to understand, flexible, and used as a roadmap for implementation.
  • Answer the questions: Are we secure? Are we compliant? Are we sure?


It is virtually impossible for any one person, or even three people, to master all the aspects of information security, communications security, operational security, compliance, ever-changing regulations, auditing, hacking, forensics, physical security, and government best practices that SecureState’s team of experts brings. SecureState has developed and managed security programs for clients from a few dozen employees to Fortune 500 corporations. In each case, our staff members have assessed the needs of the client and crafted a security program unique to their needs. What works for a large governmental agency doesn't necessarily work for a small retailer, and vice versa. The Security Program Manager aligns security with the overall organizational goals and ensures that the right assets are being protected.

Approach and Methodology

The SPM role is based on tasks. There is no fixed number of hours associated with this position. SecureState will assume the following tasks:

  • Security Management
    • Segregation of duties
    • Thought leadership
    • Benchmarking against industry best practices
  • Education and Awareness
  • Incident Management
    • Incident response setup
    • Limited forensics support: additional time and material outside the initial response
  • Dynamic Reporting
    • Enterprise version of the Virtual Compliance Officer Portal, used for managing the components of the ESA
    • Risk prioritization
    • Implementation of Key Performance Indicators (KPIs)
  • Security Policy and Procedures
    • Refinement, modification and promulgation
    • Compliance management

