Information Security Manager

As a Manager of Information Security, you will play a crucial role in developing, evaluating, and ensuring alignment with cybersecurity controls and policies. Your expertise in cybersecurity best practices, enterprise security architecture, and data protection will be vital in embedding security into the organization's products, services, and technology infrastructure. A solid understanding of the latest security frameworks and technologies, including Cloud and AI, is essential to inform and support risk-based decision-making effectively. Key Responsibilities: - Develop, review, and maintain cybersecurity policies, standards, and procedures in accordance with global security frameworks such as NIST, Cloud Security Alliance, and CIS. - Convert identified security risks into policy requirements while ensuring alignment with business objectives. - Collaborate with security, engineering, architecture, and operational teams to ensure the technical feasibility of policies and provide guidance on implementing and enforcing controls. - Function as a security specialist, conducting comprehensive risk assessments and control gap analyses across services, products, infrastructure, and applications. - Provide recommendations on effective risk mitigation strategies that align with business objectives and maintain security standards. - Stay informed about emerging threats, industry standards, best practices, and regulatory changes to advise on necessary updates to policies, controls, or other measures. - Offer guidance on secure cloud, network architecture, segmentation, and system hardening. - Monitor and maintain secure configurations and access controls in collaboration with engineering teams. - Lead security reviews of new technologies and system changes to ensure a secure architecture. - Integrate security tools and technologies to support the enterprise security posture effectively. - Maintain documentation and evidence repositories for internal and external support. - Utilize platforms like SharePoint and Jira for optimal assessment preparedness. - Work with control owners to efficiently address and close findings. - Develop and implement cybersecurity awareness programs for technical and non-technical teams. - Communicate policy changes, risk advisories, and incident notifications concisely. - Deliver training sessions on security controls and risk management procedures to stakeholders. Required Qualifications: - Bachelor's/Master's degree in Information Security, Computer Science, or a related field. - 12-15 years of experience in Information Security focusing on risk management, network security, and security architecture. - Hands-on experience in system/network administration (Windows/Linux/Cloud). - Deep understanding of frameworks like ISO 27001, NIST, PCI DSS, and COBIT. - Experience in drafting and implementing security policies and technical standards. - Knowledge of identity lifecycle management and access governance. - Experience with audit documentation and evidence management tools. - Excellent communication and stakeholder engagement skills. Preferred Qualifications: - Certifications such as CISSP, CISM, CISA, CRISC, or equivalent. - Experience with GRC platforms and risk assessment methodologies. - Familiarity with regulatory standards like GDPR, CCPA, and other data protection laws. - Exposure to cloud platforms (Azure, AWS) and security tools. - Knowledge of enterprise architecture frameworks and secure design principles.,