Job Description: Manager – Information Security & Compliance
We are seeking an experienced Information Security and Compliance manager to lead and oversee the development, implementation, and management of our information security and business continuity programs. This role is crucial in safeguarding our organization's sensitive data, ensuring business resilience, and maintaining compliance with regulatory requirements.
He is responsible for establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.
Roles & Responsibilities:
Develop, implement and monitor short- and long-term enterprise information security, IT risk management and data protection programs to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the organization.
Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
Develop and lead the implement of ISO27001/17, PCI-DSS, ISO 20000 standards and privacy program.
Ensure company employees and vendors are adhere to Information Security policies and procedures.
Ensure that security programs comply with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
Create and manage information security and risk management awareness training programs for all employees and contractors.
Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation
plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Manage and coordinate operational components of incident management, including detection, response and reporting.
Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
Design, coordinate and oversee security-testing procedures to verify the security of systems, networks, and applications, and recommend the remediation of identified risks.