Job Summary

The Information Security Assurance Manager reports to the Business Information Security Officer (BISO) and collaborates with business and IT colleagues to deliver critical capabilities in support of strategic information security goals. This includes the operational management of information protection solutions, the development of security awareness & training, the management of phishing campaigns, the delivery and reporting of information security metrics, and other business-facing information security services as assigned. The role requires excellent communication skills and the ability to support multiple efforts across information security disciplines.

Job Description

As a member of the Information Security team and under the supervision of the BISO, the Information Security Assurance Manager is responsible for information protection solutions in alignment with the IS strategy and roadmap. Responsibilities include working with the business and IT on the identification and protection of vital information and data (“crown jewels”). The Information Security Assurance Manager leads the information security awareness program, which is a suite of continuous activities that promote safe computing practices for colleagues, including ongoing phishing campaigns. In addition, this role supports the BISO on the development and ongoing management/reporting of key metrics that demonstrate the value and progress of the information security program. The expectation is that the individual successfully coordinates multiple tasks and priorities continuously with limited supervision.

Information Protection

Support the business and IT on the identification of company vital information/data and the establishment of corresponding protections. Monitor and respond to alerts and reports of information or data exposure in coordination with SOC and IT teams as required. Conduct root cause analysis and implement corrective actions for identified threats. Maintain and improve information protection rulesets in coordination with information security, business, and IT colleagues, and assist in the identification and remediation or mitigation of exposures.

Security Awareness & Training

Support the BISO in the development and delivery of organization-wide information security training content. Measure the effectiveness of training initiatives and continuously improve content. Maintain the Information Security SharePoint presence to communicate policy, best practices, guidance, and other materials. Develop and deliver awareness materials to educate personnel about information security best practices and promote a culture of security awareness within the organization. Establish and publish technical security guidance in coordination with information security colleagues.

Phishing Simulations

Design and execute phishing simulation campaigns to assess employee awareness through the company’s phishing delivery platform. Analyze and report on results, and conduct surveys and interviews to gather feedback and identify improvements that will strengthen user behavior. Collaborate with internal teams to tailor simulations to specific business contexts.

Security Metrics

Support the BISO in the collection of data and reporting for key performance and risk indicators (KPIs/KRIs) as defined to measure the information security program. Manage periodic benchmarking of the information security program in support of the BISO through coordination with IS, IT and other stakeholders.

To be successful in this Information Security Assurance Manager role, you must have and maintain knowledge of the information and cybersecurity frameworks and best practices, exhibit strong analytical skills and judgement, and demonstrate excellent communication in collaboration with stakeholders. You must also stay up to date with industry advancements and continuously improve security protocols to protect the organization's data from threats.

Job Type
Full-time
Career Level
Manager
Number of Employees
1,001-5,000 employees