Job Description
Position Overview
We are seeking an experienced Information Security Manager to spearhead our efforts in safeguarding client data and maintaining a robust organizational threat posture. In this role, you will lead strategic initiatives to protect sensitive information, manage threat intelligence programs, and ensure compliance with relevant regulations. You will also collaborate closely with various internal teams-technical and non-technical alike-to develop, implement, and continuously improve security best practices.
Key Responsibilities
- Client Data Protection & Compliance
Design and enforce policies, procedures, and technical safeguards that secure client information from unauthorized access, disclosure, or misuse.
Stay current on data privacy regulations (e.g., GDPR, CCPA) and industry standards (e.g., ISO 27001, SOC 2), incorporating them into organizational processes.Oversee and maintain data classification protocols, ensuring appropriate access controls and encryption methods are applied.Threat Intelligence & Vulnerability ManagementEstablish a comprehensive threat intelligence program, monitoring emerging risks and industry trends that could impact clients' or the organization's security posture.
Conduct routine vulnerability assessments, penetration tests, and security audits, prioritizing remediation efforts based on criticality.Collaborate with cross-functional teams (e.g., DevOps, Network Engineering) to implement and validate fixes or security upgrades.Incident Response & Crisis ManagementDevelop and continuously refine the Incident Response Plan (IRP), outlining clear processes for detecting, containing, and remediating security breaches.
Coordinate tabletop exercises and real-world simulations to test the IRP, training staff to respond effectively in high-stress scenarios.Serve as the primary point of contact during security incidents, liaising with external agencies (law enforcement, regulatory bodies) as necessary.Security Architecture & Best PracticesWork with solution architects and system administrators to integrate robust security controls into infrastructure, software, and cloud environments.
Evaluate and recommend new security products, tools, and services that enhance the organization's threat detection and prevention capabilities.Enforce secure coding practices, hardening standards, and network segmentation protocols that align with evolving threats.Governance, Risk & Compliance (GRC)Lead security risk assessments, identifying and documenting vulnerabilities, threats, and overall risk exposure to client data.
Define and track security metrics (KPIs), reporting progress, gaps, and action plans to executive leadership.Oversee internal and external security audits, ensuring timely completion of any required corrective measures.Team Leadership & CollaborationManage a team of security analysts, engineers, and incident responders, providing coaching, mentorship, and clear performance objectives.
Foster a culture of security awareness and accountability throughout the organization, conducting regular training sessions for all staff.Coordinate with third-party vendors, managed security service providers, and consultants to strengthen the organization's security ecosystem.Requirements
Education & ExperienceBachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
5 years of hands-on experience in information security, including roles in threat intelligence, GRC, and / or incident response.Experience working within heavily regulated industries (e.g., finance, healthcare, government) is highly desirable.Technical SkillsProficiency with SIEM platforms (e.g., Splunk, QRadar), endpoint protection suites, and vulnerability management tools (e.g., Nessus, Qualys).
In-depth knowledge of security frameworks (NIST CSF, ISO 27001, COBIT) and compliance standards (PCI-DSS, HIPAA, SOC 2).Hands-on expertise in cloud security (AWS, Azure, GCP) and containerization platforms (Kubernetes, Docker) is a plus.CertificationsRelevant certifications such as CISSP, CISM, CRISC, or GIAC (GSEC, GCIA, GCIH) strongly preferred.
Soft SkillsExceptional problem-solving and analytical abilities, with a keen eye for detail.
Excellent communication and presentation skills for both technical and executive audiences.Proven track record of managing diverse teams and collaborating effectively across departments.Personal Attributes
Integrity : Upholds the highest ethical standards in protecting sensitive client data.Leadership : Inspires trust and confidence, fostering a culture of teamwork, accountability, and continual learning.Adaptability : Stays agile in a dynamic threat landscape, quickly pivoting security strategies as new risks emerge.Strategic Mindset : Balances day-to-day operational demands with long-term security vision and innovation.Benefits
What We Offer
Competitive Compensation : Commensurate with experience, plus potential bonus structures.Comprehensive Benefits : Medical, dental, vision, and retirement plan options.Professional Growth : Training allowances, continuing education support, and clear career advancement paths.Impactful Work : Play a pivotal role in safeguarding clients' data and reputations, contributing to the organization's broader mission of secure service delivery.
