Manager, Information Security

About The Position

Requirements

• Bachelor’s in Computer Science; Information Systems or equivalent.
• Minimum 5 years of experience in Information Security, with exposure to Governance, Risk and Compliance (GRC).
• Demonstrated experience building, maintaining, or maturing an Information Security Management System (ISMS).
• Relevant experience supporting or leading ISO 27001 certification or similar regulatory frameworks.
• Experience managing enterprise security risk registers and facilitating formal risk assessments.
• Experience developing and maintaining security policies, standards, and governance documentation.
• Experience evaluating and recommending security technologies aligned to strategic control objectives.
• Experience reviewing third-party/vendor security questionnaires and assessing risk exposure.
• Experience operating within multi-site or global environments.
• Strong written communication skills with ability to produce executive-level documentation and reporting.
• Must have the ability to travel domestically and internationally where required (relevant travel documentation required).
• Flexible working hours may be required to support global operations across multiple time zones.
• May be required to support major security incidents from a governance and risk advisory perspective.
• Role requires the ability to operate effectively across distributed warehouse and corporate environments.

Nice To Haves

• Experience within logistics, warehousing, manufacturing, or other distributed operational environments.
• Experience operating across multiple regions with awareness of data sovereignty and regional regulatory requirements.
• Experience building multi-year security roadmaps and maturity models.
• Familiarity with frameworks such as NIST CSF, CIS Controls, or Zero Trust principles.
• Professional certifications such as CISM, CISSP, CRISC, or ISO 27001 Lead Implementer/Auditor.

Responsibilities

• Define and maintain the global Information Security roadmap aligned to business objectives and operational realities across core infrastructure locations and 60+ warehouses.
• Establish strategic security control objectives (e.g., least privilege, identity-first security, segmentation, zero trust principles) in line with industry and global standards from NIST, CIS, etc)
• Develop, maintain, and mature the Information Security Management System (ISMS).
• Create and update global security policies, standards, and procedures aligned to ISO 27001 and industry best practices.
• Ensure consistent governance and control ownership across IT and business functions.
• Own and maintain the enterprise Information Security risk register and supporting tools.
• Conduct and facilitate formal risk assessments across global sites and business functions.
• Define and document risk treatment and risk acceptance processes.
• Ensure consideration of regional legislation, data sovereignty, and cross-border data handling requirements in conjunction with legal and DPO.
• Provide structured reporting on risk posture and key risk indicators to IT and senior leadership.
• Lead ISO 27001 readiness and certification initiatives.
• Coordinate internal and external audits across global operations.
• Maintain control mappings to regulatory, contractual, and customer requirements.
• Oversee remediation tracking and corrective action plans arising from audits or assessments.
• Ensure audit evidence collection processes are structured, repeatable, and consistent across locations.
• Own and evolve the global security awareness program using Caniphish toolset
• Coordinate phishing simulations and targeted training campaigns.
• Track behavioral risk metrics and engagement trends.
• Drive continuous improvement in security culture across distributed operational environments.
• Be cognizant of new threat landscape and plan to test employees appropriately (i.e. WhatsApp)