Information Security Manager

Morrow Sodali LLC, New York, NY
Hybrid

About The Position

The Information Security Manager is responsible for developing, implementing and maintaining our information security program, which includes procedures and policies designed to protect enterprise communications, IT systems, and company and customer assets from both internal and external threats.

Requirements

  • Experience in working in international organizations is an advantage.
  • Demonstrated ability to build successful cybersecurity programs
  • Expert understanding of cybersecurity concepts, principles and practices.
  • Unquestionable personal code of ethics, integrity, diversity and trust
  • Able to successfully navigate within varying degrees of ambiguity in a fast-paced environment
  • Experience of formal risk assessment methodologies.
  • In-depth understanding of networks, databases and business applications as they relate to security. Excellent understanding of computer networking concepts and protocols, and network security methodologies.
  • Excellent understanding of vulnerability management and associated tools and solutions.
  • Deep expertise with Azure platform.
  • Keeps up to date on all matters pertaining to IT security.
  • Knowledge of leading practice incident management processes.
  • Solution driven with demonstrated ability to meet deadlines and deliver results.
  • Bachelor’s degree or equivalent program in Computer Science, Business Information Systems, Information Security or Information Technology
  • Relevant Professional certification essential: CISSP, CISA, CISM or CRISC
  • Minimum 10 years in a Senior Information Security or similar role.
  • Excellent knowledge and experience of ISO27001, SOC2 Type 2 and GDPR
  • Knowledge of Risk Management Processes (e.g., methods for assessing and mitigating risk)

Responsibilities

  • Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals
  • Develop, implement, and monitor a comprehensive enterprise information security program that aligns with the strategic plan and best-in-class compliance and industry requirements.
  • Maintain our ISO 27001, SOC2 Type, GDPR and UK Cyber Essentials certifications and related activities.
  • Manage our annual internal and external penetration test and remediation.
  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation
  • Coordinates the development and implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas
  • Develops, implements and enhances an up-to-date information security management framework
  • Create, implement and manage confidentiality, data safeguarding and data retention policies and procedures
  • Develop, maintain, and roll out training and activities for information security awareness within the organization
  • Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
  • Provide regular reporting on the current status of the security program to relevant stakeholders as part of a strategic enterprise risk management program. Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security