Information Security Manager – TeamLease Services (HRTech)

Location: Bengaluru
Experience: 2-4 years
Type: Full Time
Department: Technology - IT Infra

Position Overview:

The Information Security Manager is responsible for developing, implementing, and managing the organization’s comprehensive information security program. This role requires a strong understanding of cybersecurity principles, risk management, compliance frameworks, and incident response. The ISM will lead efforts to protect company data and systems, mitigate risks, ensure regulatory adherence, and foster a security-aware culture across the organization.

Roles and Responsibilities:

  1. Security Strategy & Program Management:
  • Develop, implement, and maintain the organization’s information security strategy, roadmap, policies, standards, and procedures in alignment with business objectives and risk appetite.
  • Lead the planning, implementation, and operation of security controls and technologies (e.g., firewalls, intrusion detection/prevention systems, SIEM, data loss prevention, endpoint security, identity and access management).
  • Oversee the overall information security program, including budget management and resource allocation.
  2. Risk Management & Assessment:
  • Conduct regular information security risk assessments to identify, evaluate, and prioritize potential threats and vulnerabilities to information assets.
  • Develop and implement strategies and controls to mitigate identified risks, working closely with IT and business units.
  • Manage and track remediation plans for security findings from audits, assessments, and vulnerability scans.
  3. Compliance & Governance:
  • Ensure the organization’s information security practices comply with relevant laws, regulations, and industry standards (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS, HIPAA).
  • Prepare for and manage internal and external security audits, working with auditors to provide necessary documentation and address findings.
  • Develop and maintain comprehensive security documentation, including policies, procedures, and control matrices.
  4. Incident Response & Management:
  • Develop, implement, and regularly test the incident response plan to ensure timely and effective response to security breaches and incidents.
  • Lead and coordinate incident response activities, including investigation, containment, eradication, recovery, and post-incident analysis.
  • Manage security alerts, analyze logs, and monitor security systems for suspicious activity.
  5. Security Awareness & Training:
  • Develop and deliver security awareness training programs for all employees to promote a security-conscious culture.
  • Educate staff on cybersecurity best practices, policies, and potential threats (e.g., phishing, social engineering).
  6. Vulnerability Management & Testing:
  • Oversee vulnerability assessment and penetration testing (VAPT) activities for applications, systems, and networks.
  • Work with development and operations teams to ensure secure coding practices and prompt patching/remediation of vulnerabilities.
  7. Vendor Security Management:
  • Assess the security posture of third-party vendors and service providers to minimize supply chain risks.
  • Ensure vendor contracts include appropriate security clauses and monitor ongoing compliance.

Qualifications:

  • Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master’s degree preferred.

  • Experience: 2 to 4 years
