Head/Senior Manager - Security

The Manager of Information Security will lead and oversee all aspects of the company's information security efforts.

They will be responsible for establishing and maintaining a robust information security program to safeguard information assets and ensure compliance with industry standards and regulations.

Responsibilities:

Cybersecurity Management:

- Develop and implement comprehensive cybersecurity policies, procedures, and best practices.

- Support strategic business initiatives by planning and implementing effective cybersecurity measures.

- Evaluate cybersecurity resilience approaches and recommend optimal resource utilization to senior management.

- Conduct regular risk assessments, vulnerability scans, and security audits to identify threats and weaknesses.

- Monitor networks and systems for security breaches, promptly responding to security incidents.

- Coordinate the analysis of security incidents, implement corrective actions, and incorporate lessons learned into security protocols.

- Analyze IT environment and provide recommendations for disaster recovery, remote access, network security appliances, servers, applications, and endpoints.

- Develop and implement network security strategies, policies, and procedures.

IT Management and Support:

- Manage and coordinate external partners to deliver IT and cybersecurity-related services.

- Provide guidance and support to IT teams on security-related matters, including network security, endpoint protection, and data encryption.

- Collaborate with IT teams to integrate security measures into new and existing systems and applications.

- Lead or support IT projects with security implications, such as system upgrades, cloud migrations, and software deployments.

- Act as a liaison between operational teams, vendors, and senior management on cybersecurity matters.

- Review data protection and privacy processes, advising the organization on necessary updates.

- Implement and provide consultation for Data Protection Impact Assessments (DPIA).

- Collaborate with IT teams to implement security controls, patches, and configuration changes to mitigate vulnerabilities.

Compliance and Governance:

- Represent IT in SOX processes, specifically for IT General Controls (ITGC), IT Application Controls (ITAC), and Business Process Controls.

- Ensure compliance with relevant industry standards and regulations, such as SOX, NIST, and ISO.

- Maintain documentation and evidence of compliance activities for audit purposes.

- Assist in facilitating internal and external IT audits and assessments.

- Develop and maintain a corporate acceptable cyber risk policy.

- Plan and maintain a risk registry, ensuring timely remediation of identified risks.

Training and Awareness:

- Lead and oversee user awareness training programs, including tracking and phishing simulations, aligned with corporate campaigns.

- Conduct cybersecurity awareness training sessions for employees to foster a culture of security consciousness.

- Stay updated on the latest cybersecurity threats, trends, and technologies, disseminating relevant information to stakeholders.

Required Skills and Qualifications:

- Bachelor's degree in Computer Science, Information Technology, or related field; Master's degree preferred.

- 7+ years of experience in information security, with at least 3 years in a managerial or leadership role.

- Proven experience in developing and implementing cybersecurity strategies and initiatives.

- Strong knowledge of cybersecurity frameworks (e., NIST, ISO), regulations (e., SOX), and compliance requirements.

- Experience with security technologies such as firewalls, IDS/IPS, SIEM, endpoint protection, and encryption.

- Excellent leadership, communication, and interpersonal skills.

- Certifications such as CISSP, CISM, or CISA preferred.

- Ability to collaborate effectively with cross-functional teams and senior management