About HASI   HASI is an investor in sustainable infrastructure assets advancing the energy transition. With more than $16 billion in managed assets, our investments are diversified across multiple asset classes, including utility-scale solar, storage, and onshore wind; distributed solar and storage; RNG; and energy efficiency. We combine deep expertise in energy markets and financial structuring with long-standing programmatic client partnerships to deliver superior risk-adjusted returns and measurable environmental benefits. HA Sustainable Infrastructure Capital, Inc. is listed on the New York Stock Exchange (Ticker: HASI). For more information, please visit hasi.com. Position Summary The Sr. Manager, Cybersecurity is a hands-on technical leader responsible for defining, leading, and executing the organization’s enterprise cybersecurity strategy, architecture, and daily security operations. This role combines strategic ownership with direct technical execution, requiring active involvement in designing, implementing, configuring, and maintaining security controls across the enterprise. This role operates as a core member within the Digital Technology Organization (DTO), working in close alignment with peer technology functions while engaging collaboratively with risk, compliance, legal, and business stakeholders. The position ensures the confidentiality, integrity, and availability of HASI’s information assets while aligning cybersecurity initiatives with business objectives, regulatory requirements, and industry best practices. Beyond governance and oversight, this role is deeply engaged in security engineering and operations, including tool deployment, control configuration, vulnerability management, and incident response. A strong emphasis is placed on Microsoft 365 and cloud security, with expectations to operate directly within platforms to implement and optimize controls. The Sr. Manager owns the adoption and execution of cybersecurity frameworks, including CIS Controls, leads cybersecurity personnel, and drives continuous improvement across security operations, awareness, and technology platforms.   Key Responsibilities Cybersecurity Strategy, Architecture & Governance * Define, execute, and maintain HASI’s enterprise cybersecurity strategy, roadmap, and target security architecture. * Establish and enforce cybersecurity policies, standards, and technical controls aligned to NIST CSF, CIS Controls, and regulatory requirements. * Ensure cybersecurity is embedded into enterprise architecture, infrastructure design, cloud platforms, and technology initiatives from inception. * Provide regular, risk-based reporting on cybersecurity posture, control maturity, and emerging threats to executive leadership. Hands-On Security Engineering & Operations * Serve as a hands-on security leader, actively configuring, implementing, and tuning security technologies and controls. * Lead the implementation and ongoing management of security platforms including SASE, DLP, IAM, PAM, endpoint protection, SIEM, and network security solutions. * Perform and oversee vulnerability identification, remediation, and validation across infrastructure, cloud, endpoints, and applications. * Actively participate in threat detection, security monitoring, incident response, root cause analysis, and post-incident remediation. * Manage and enhance SOC capabilities, including direct oversight of MSSPs and validation of alerts, detections, and response quality. Microsoft 365 & Endpoint Security Ownership * Own and manage security across the Microsoft 365 ecosystem, including Entra ID (Azure AD), Exchange Online, SharePoint, OneDrive, Teams, and Defender platforms. * Design, implement, and maintain Conditional Access policies, identity protection controls, and Zero Trust access models. * Lead Mobile Device Management (MDM/MAM) strategy and implementation using Microsoft Intune, including device compliance, application protection, and data loss prevention controls. * Develop, implement, and maintain CIS hardening baselines, security GPOs, and standardized secure workstation and server images. * Ensure secure configuration and continuous hardening of Microsoft and endpoint environments in alignment with CIS benchmarks. Cloud & Infrastructure Security * Lead secure design and configuration of cloud environments (Azure, AWS), with a strong focus on defense-in-depth and least privilege. * Implement identity-centric security controls, secure networking, logging, and monitoring across hybrid and cloud-native environments. * Ensure security controls are integrated into automation, infrastructure-as-code, and modern IT delivery practices. Leadership & Team Development * Lead, mentor, and develop a team of cybersecurity professionals, while remaining technically engaged and hands-on. * Establish clear expectations that balance strategic ownership with operational execution. * Foster a culture of accountability, continuous improvement, and strong security engineering discipline. Cross-Functional Collaboration & Awareness * Partner with IT, risk, compliance, legal, and business teams to design solutions that are secure, scalable, and compliant * Act as a trusted technical advisor on cybersecurity risks, control design, and mitigation strategies * Drive organization-wide security awareness and training programs to improve cyber hygiene and reduce human risk   Qualifications * Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field * 10+ years of progressive experience in cybersecurity or information security, with significant hands-on technical responsibility * Demonstrated experience personally implementing and configuring security technologies, not solely managing teams or vendors * Deep expertise in Microsoft 365 security, including Conditional Access, Intune (MDM/MAM), Defender, identity protection, and tenant hardening * Strong experience implementing SASE, DLP, IAM, PAM, endpoint security, SIEM, vulnerability management, and Zero Trust architectures * Proven experience developing and enforcing CIS hardening standards, security baselines, GPOs, and secure images. * Experience with regulatory and compliance requirements (e.g., SOX, SOC 2) * Ability to lead teams while remaining technically hands-on and execution-focused * Excellent communication skills with the ability to translate technical risk into business impact * Relevant certifications preferred: CISSP, CISM, CISA, CIS Controls Practitioner, Microsoft Security certifications, or equivalent WORK AUTHORIZATION   HASI is willing to take over sponsorship for existing H1-B visas for exceptional talent. We are unable to provide new H-1B sponsorship at this time.   EEO STATEMENT   The Company maintains a policy of non-discrimination in employment and complies with and supports all Federal, state, and local laws regarding discrimination in employment.  Specifically, the Company does not discriminate in employment opportunities or practices against any employee, intern, or applicant on the basis of race, color, gender, sex, sexual orientation, gender identity, religion, ancestry, national origin, age, citizenship status, marital status, pregnancy (including childbirth, lactation, or related medical conditions), mental or physical disability, veteran status, uniformed servicemember status, genetic information (including testing and characteristics), or any other characteristic to the extent prohibited by federal, state, or local law. Decisions regarding staffing, selection, and promotions are made on the basis of individual qualifications related to the requirements of the position.  If you need reasonable accommodation for a job opening, please connect with us at [email protected] and describe the specific accommodation requested for a disability-related limitation. Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process.