Information Security Manager

Job Description

The Information Security Manager will oversee the security and compliance of the companys systems and data.This role is pivotal in ensuring that the company adheres to relevant regulations, maintains critical securitycertifications, and fosters a culture of security across the organization. The individual will play a key role inprotecting digital assets, managing risk, and promoting security best practices in alignment with business goalsKey Responsibilities:Compliance and Certifications Management Lead the maintenance and renewal of key security certifications, including ISO 27001, SOC 2, GDPR,and other relevant regulatory frameworks. Monitor and ensure continuous compliance with global and local regulations, including data privacylaws such as GDPR, PDPA, and DPDPA. Conduct regular internal audits to assess security measures and readiness for certification renewals.Digital Security and Risk Management Develop and manage the companys information security strategies and policies to address cyberthreats, ensuring proactive protection of systems and sensitive data. Conduct risk assessments and vulnerability analyses to identify potential security issues andimplement remediation plans. Manage digital security incidents, leading incident response teams to ensure timely resolution andpost-incident analysis.Security Operations and Tools Oversee the deployment, management, and optimization of security tools, such as firewalls, SIEM,identity management systems, and endpoint protection. Stay up to date with the latest cybersecurity trends, vulnerabilities, and emerging threats,implementing new tools and technologies to enhance the organizations security posture. Collaborate with IT and development teams to implement DevSecOps practices and ensure security isintegrated into all stages of software development and operations.Team Leadership and Development Foster a security-first culture across all departments. Establish objectives for the extended IT team, initiate security goals and drive continuous professionaldevelopment to stay ahead of the latest security trends. Collaborate with cross-functional teams, including legal, compliance, and product, to ensure security isembedded in all aspects of business operations.Security Advocacy and Awareness Act as a Security Champion, promoting security awareness and training programs across theorganization.Organize workshops and training sessions to ensure that all employees understand the importance ofinformation security and adhere to established security policies. Encourage best practices and maintain open communication channels for reporting and managingsecurity concerns.Disclaimer: Job descriptions are not exhaustive, and the employee may be required to undertake duties thatare in line with but not limited to the above responsibilitiesQualifications:Education: Bachelors degree in Information Security, Computer Science, or a related field. A Masters degree ispreferred.Certifications: Relevant security certifications such as CISSP, CISM, CISA, or equivalent are required.Experience: Minimum of 8 years of experience in information security or related roles, with a strong track recordof compliance management and cybersecurity. Hands-on experience managing and maintaining certifications such as ISO 27001, SOC 2, and GDPRcompliance.Technical Skills: Proficiency in security frameworks (ISO 27001, NIST), cloud security (AWS, Azure, GCP), and incidentresponse. Strong knowledge of risk management, threat detection, and mitigation strategies, as well asexperience using security tools like SIEM and firewalls.Soft Skills: Strong leadership and communication skills, with a proven ability to influence security culture acrossan organization. Analytical and problem-solving abilities, with a proactive approach to security risk management. Ability to work collaboratively with cross-functional teams, including legal and compliance.Preferred Skills: Experience with DevSecOps and automating security processes. Previous experience managing security operations in regulated industries (e.g., financial services,healthcare). Strong knowledge of data protection regulations across different regions, including GDPR, PDPA, andDPDPA.

Keyskills :
cisspcloud securityiso 27001information securitycisa