Information Security Manager - 1582

Full Job Description

Key Responsibilities:
• Develop, implement, and maintain the organization's information security policies, procedures, and standards in accordance with industry best practices and regulatory requirements.
• Establish partnerships with IT function in implementing technical controls and policies enforcement to provide assurance on operating effectiveness of cybersecurity function.
• Conduct regular risk assessments and vulnerability scans to identify potential security threats and weaknesses in the organization's infrastructure, applications, and processes.
• Develop and manage a comprehensive security awareness and training program to educate employees about information security risks and best practices.
• Lead incident response activities, including investigating security breaches, coordinating with internal teams and external partners, and implementing corrective actions to mitigate future risks.
• Collaborate with IT teams and business units to integrate security controls into the organization's systems and applications.
• Stay informed about the latest trends and developments in information security, including emerging threats, technologies, and regulatory requirements.
• Provide guidance and support to IT and business stakeholders on security-related matters, including compliance with data protection laws and regulations.
• Manage relationships with external vendors, consultants, and service providers to ensure the effectiveness of security solutions and services.
• Prepare and present regular reports to senior management and stakeholders on the organization's security posture, incidents, and remediation efforts.
Qualifications:
• Bachelor's degree in computer science, computer engineering, information technology, or a related field. Master's degree preferred.
Experience:
• Minimum 8 years of relevant degree.
Certificates Required:
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certification is highly desirable.
Skillset Required:
• Proven experience in information security management, including policy development, risk assessment, incident response, and security awareness training.
• In-depth knowledge of security frameworks and standards such as ISR, ISO 27001, GDPR, NIST, PCI-DSS, OWASP, and MITRE.
• Strong understanding of network security, encryption, access controls, identity and access management, and security technologies.
• Excellent communication skills, with the ability to effectively convey complex technical information to non-technical stakeholders.
• Strong analytical and problem-solving skills, with the ability to assess security risks and develop appropriate mitigation strategies.
• Experience managing security projects and initiatives.
• Ability to work effectively both independently and as part of a team in a fast-paced and dynamic environment.
• High level of integrity, professionalism, and commitment to maintaining the confidentiality and integrity of sensitive information.
• Knowledge of information systems cyber security architecture and compliance.
• Knowledge of security risk assessment.
• Knowledge of advanced IT security and IT audit concepts and techniques.
• Knowledge of various operating system, Virtualization, Databases, web/API security.
• Knowledge of IT Security solution like WAF, FW, IDS/IPS, Encryption, EDR, PAM, FIM, NAC, VPN, authentication methods such as multi-factor authentication.
• Knowledge of enterprise physical and virtual data center infrastructure.
• Knowledge of network architecture principles of network design and security.
• Knowledge of principles and concepts of establishing and documenting baseline systems performance.
• Ability to ensure compliance related to information security policies.
• Ability to independently compose clear, complete, and concise correspondence and reports.
• Ability to utilize security tools such as Qualys, ASM, to identify and report security related issues.
• Knowledge of both wireless and wired security best practices.
• Ability to review changes to Applications, Azure Cloud, IT Infra, Security architecture and provide recommendations.