INFORMATION SECURITY MANAGER

Key Responsibilities

• Develop, implement, and manage the organization's information security strategy, policies, and procedures.
• Lead the design and enforcement of security controls to protect systems, networks, and data from cyber threats.
• Manage a team of security professionals, providing technical guidance, mentoring, and performance management.
• Oversee risk assessments, vulnerability management, penetration testing, and incident response.
• Ensure compliance with regulatory requirements, industry standards, and frameworks (e.g., ISO 27001, NIST, GDPR, PCI-DSS, HIPAA).
• Collaborate with IT, DevOps, and business teams to embed security into application development and infrastructure design.
• Manage security operations center (SOC) activities, including monitoring, threat detection, and escalation.
• Define, track, and report security KPIs and risk metrics to senior leadership.
• Evaluate, select, and implement security tools and technologies to strengthen organizational defenses.
• Lead security awareness and training programs to promote a strong security culture.

Required Technical Skills (Tough Skills)

• Cybersecurity & Risk Management: Strong knowledge of threat modeling, risk assessment methodologies, incident response frameworks, and business continuity planning.
• Security Technologies: Hands-on expertise with firewalls, IDS/IPS, SIEM (Splunk, QRadar, ELK), EDR/XDR, DLP, IAM, PAM solutions, WAF, and CASB.
• Cloud Security: Proficiency in securing workloads on AWS, Azure, and GCP, including IAM, KMS, Cloud Security Posture Management (CSPM).
• Application & Network Security: Experience in secure SDLC, DevSecOps practices, vulnerability management, penetration testing tools (Burp Suite, Metasploit, Nessus, Qualys).
• Cryptography & Data Protection: Understanding of PKI, SSL/TLS, encryption protocols, key management, tokenization, and data masking.
• Governance, Risk & Compliance (GRC): Familiarity with ISO 27001, SOC 2, NIST CSF, COBIT, GDPR, HIPAA, PCI-DSS frameworks.
• Incident Response & Forensics: Ability to manage SIEM alerts, digital forensics, malware analysis, and lead response teams during breaches.
• Scripting & Automation: Knowledge of Python, PowerShell, or Bash for automating security operations and log analysis.

Good to Have

• Security certifications such as CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Implementer/Auditor.
• Experience in Zero Trust Architecture and container security (Docker, Kubernetes).
• Knowledge of threat intelligence platforms and SOC automation (SOAR).