Information Security Manager

Job purpose:

We are seeking an experienced
Information Security Manager
to lead a team of
Information Security Officers (ISOs)
and
Governance, Risk, and Compliance (GRC) specialists
within a dynamic Business Unit. This role is critical in ensuring the security posture of our organization and delivering cybersecurity services to both internal stakeholders and external clients.

As an Information Security Manager, you will have the opportunity to define, coordinate and ensure the execution of the Information Security Management Program, being the process, standards and procedures subject matter expert in on how to identify and protect the IT environment, detect and respond to cyber threats, and ensure the recovery in the event of a cyber-disaster or other security critical incident.

The role is responsible for overseeing the management of GRC, Vulnerability Management, Identity and Access Management, Security Architecture and Engineering, and the execution by Information Security, IT Operations personnel and 3rd parties of the appropriate security standards and processes, working closely with the relevant stakeholders providing direction, advice and guidance to ensure that events, incidents and issues are managed, communicated and resolved in line with business expectations.

This is a technical role that require extensive expertise in at least two of the following capabilities:  Security Architecture and Engineering, Identity and Access Management, Vulnerability Management, Business Continuity, Incident Response.

Key Responsibilities:

• Establish a high-performing team of security engineers to operate a modern, effective security program.
• Contribute to the enterprise security architecture and develop a technical roadmap to drive security initiatives and continuous improvements.
• Ensure that the organization's information security program is compliant with regulatory requirements. This includes monitoring changes to regulatory requirements and ensuring that the organization's information security program is updated accordingly.
• Coordinate the development and implementation of security policies, procedures and practices and ensures their communication to all TIU Group companies.
• Contribute to the BCP/DRP development and coordinate policies and plans for disaster recovery and business continuity and ensuring them with applicable measures.
• Build partnerships with TIU Group business teams, vendors, security peers and technology teams with a focus on collaboration to find secure solutions.
• Being a technical role, be a subject matter expert (SME) to make informed decisions and drive a balance of security and business objectives.
• Measure team performance and secure posture for improvement and maturity over time.
• Establish internal technical standards, processes, and procedures.
• Foster personal growth by enabling team members through career development, mentoring and coaching.
• Coordinate and participate in incident response activities related to information security events and incidents.
• Stay abreast of new security technology, emerging security threats, vulnerabilities, and security controls.
• Carry out activities specific to this position also in projects with the company's clients, to whom the company provides services in the field of information security.

Skills & Relevant Work Experience

• 8-10 years working experience in information technology including 3-5 yrs. people management experience
• 4+ years of professional experience in information security or cyber security
• Bachelor's degree or equivalent combination of education and experience;
• Good multi-platform knowledge. Experience in Windows, Linux, Mac, Android, AWS/Azure, Networking, Firewalls, Office 365, etc.
• Security functional knowledge including: EDR, SIEM/SOAR, AV, intrusion detection, incident response, policy writing, vulnerability testing, operating system hardening, regulatory compliance, and data classification.
• Experience in defining and implementing security solutions, policies, and technologies relating to Identity Management, Information Protection etc., with experience in Business Continuity/ Disaster Recovery implementations and executions.
• This role must have technical expertise in security architecture, enterprise architecture, IT strategy, and security concepts related to networking, endpoint security, cloud technology, cyber-attack techniques, and incident handling procedures. This requires deep domain knowledge in many technical areas, but also extends to business processes such as regulations, legal, and human resources.
• Experience defining and managing an information security program in accordance with the international standards (e.g. NIST, ISO/IEC 27001, NIS, eIDAS, Webtrust).
• Strong work ethic with attention to detail;
• Excellent oral and written communication skills.
• Ability to communicate security issues to peers and management.
• Industry certifications such as CISM, CISSP, GCIH, CRISC are strongly preferred.

If you are interested in this position, please send your resume at , mentioning " Information Security Manager" in the email subject line.