Information Security Manager

Job Purpose
• This position is responsible for establishing and maintaining a corporate wide information security management program to ensure that information assets are adequately protected.
• The position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise.

Key Responsibilities

Strategic Support and Management
• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled, or processed by the organization.
• Develop, maintain, and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
• Create, communicate, and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.
• Develop and manage information security budgets and monitor them for variances.
• Create and manage information security and risk management awareness training programs for all employees, contractors, and approved system users.
• Create a framework for roles and responsibilities regarding information ownership, classification, accountability and protection
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.

Security Liaison
• Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
• Manage security issues and incidents, and participate in problem and change management forums. Ensuring timely reporting and adequate participation in investigation for ICT security incidents
• Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
• Work with the IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.

Architecture Support
• Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
• Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements

Qualifications

A bachelor's degree in technology/information systems (B.Tech) or equivalent

Experience

A minimum of eight years of IT experience, with five years in an information security role and at least two years in a supervisory capacity