Information Security Manager
Job Description:
Responsibilities:
- Represent and lead the IT Security function across the organization in projects and other initiatives to determine information security and data risks, identify compensating controls, and fill the appropriate security role
- Evaluate security needs, solution options, and the financial costs of existing and recommended technologies; provide cost-benefit analysis, calculate TCO and ROI, and present the results to management and business stakeholders as part of budget planning
- Work directly with IT application and infrastructure teams to ensure information security is part of the design and that solutions meet security requirements
- Review the existing security environment and recommend refinement, supplementation, upgrade or replacement to ensure desired security outcomes
- Draft project plans for security service and technology deployments and coordinate with stakeholders across the organisation; design and implement security solutions and controls, including process and technology, to minimise the risks
- Plan, lead and conduct various information security audits (internal and external) across the organization
- Hire, manage and lead the Information Security team members
- Review, define and establish Information Security processes and Policies for the Organization
Essential Criteria:
- CCSP, CISSP, CISM or equivalent, with 8 - 12 years of experience within the IT / Telecom industries supporting information technology and security, along with a minimum of 5 years of people management experience in a 5 - 10 member team
- Working knowledge of ISO27001, ISO27002, ISO9001, Quality System Regulation
- Proven experience in building security reference architecture for medium to large enterprises
- Extensive experience supporting enterprise information security in an IT organisation, with a focus on the protection of intellectual property and sensitive information
- Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
- Full-stack knowledge of IT infrastructure including applications, databases, operating systems, hypervisors, network devices, storage, backups, software, etc.
- Strong knowledge of network and web application exploitation, ethical hacking, vulnerability assessment, penetration testing, computer forensics, and tool development