Information Security Manager

The Information Security Manager evaluates technology environments through control testing, compliance assessments, identifies key gaps and recommends actions for remediation. Partners with other teams for cybersecurity controls assessment and tests effectiveness of cybersecurity controls ensuring that systems and processes meet industry standards and regulatory requirements.

Position Responsibilities:

• Plans, conducts and manages cybersecurity and technology controls testing, compliance assessments including IT systems and processes for design and operating effectiveness.
• Develops and maintains test procedures and plans for IT Security Controls, ensuring alignment with key objectives, industry standards and regulatory requirements.
• Evaluates the organization’s compliance with preferred cybersecurity frameworks.
• Performs control testing, security assessments, and risk analysis on systems, applications, and network infrastructure to identify potential weaknesses and security gaps.
• Analyzes test results, identifies security control deficiencies, and recommends solutions to resolve identified issues.
• Partners with operations and IT teams to ensure that all IT security controls are adequately tested and implemented.
• Tracks security issues/risks, prepares comprehensive reports outlining findings, recommendations and actionable insights to senior management and stakeholders.
• Collaborates with cross-functional teams including IT, legal, compliance and liaises with law enforcement and other external entities to address findings and implement corrective action.
• Develops innovative approaches and solutions, including use of data analytics, Agile methodology, and automation to improve overall effectiveness and value of the controls testing team.
• Ensures compliance with applicable security policies and standards.
• Stays updated on latest cybersecurity threats, vulnerabilities, and testing techniques, contributing to the enhancement of cybersecurity practices within the organization.
• Provides professional advice – takes a lead role of process or program execution.
• Is accountable for own work and contributes to setting standards through expertise in own job discipline that impact others’ deliverables.
• Work is guided by cascaded policies or business plans.
• May lead medium to large size projects or work streams with moderate resource requirements, risk and/or complexity with multiple teams representing different interests.

Required Qualifications:

• Knowledge of IT security controls and technologies, IT systems and networks, security testing, security policies, standards, and regulations
• Experience performing compliance and control testing assessments
• Knowledge of frameworks such as NIST CSF, ISO 27001 and CIS Top 20 Controls
• Proficiency in understanding operating systems (Windows, Linux, Unix), network protocols, and cybersecurity frameworks
• Understanding of cloud computing security principles and leading practices
• Understanding of legal and regulatory requirements related to cybersecurity, privacy, and data protection laws relevant to the organization
• Knowledge of data privacy laws, data security issues, encryption techniques, data classification, and data loss prevention mechanism

Skills:

• Cybersecurity
• Security Compliance
• IT Controls
• IT Audit
• IT Regulatory Compliance
• Risk Assessment
• Control Testing

When you join our team:

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.