Position Overview
We are seeking an experienced Information Security Manager to spearhead our efforts in safeguarding client data and maintaining a robust organizational threat posture. In this role, you will lead strategic initiatives to protect sensitive information, manage threat intelligence programs, and ensure compliance with relevant regulations. You will also collaborate closely with various internal teams, technical and non-technical alike, to develop, implement, and continuously improve security best practices.
Key Responsibilities
Client Data Protection & Compliance
- Design and enforce policies, procedures, and technical safeguards that secure client information from unauthorized access, disclosure, or misuse.
- Stay current on data privacy regulations (e.g., GDPR, CCPA) and industry standards (e.g., ISO 27001, SOC 2), incorporating them into organizational processes.
- Oversee and maintain data classification protocols, ensuring appropriate access controls and encryption methods are applied.
Threat Intelligence & Vulnerability Management
- Establish a comprehensive threat intelligence program, monitoring emerging risks and industry trends that could impact clients or the organization's security posture.
- Conduct routine vulnerability assessments, penetration tests, and security audits, prioritizing remediation efforts based on criticality.
- Collaborate with cross-functional teams (e.g., DevOps, Network Engineering) to implement and validate fixes or security upgrades.
Incident Response & Crisis Management
- Develop and continuously refine the Incident Response Plan (IRP), outlining clear processes for detecting, containing, and remediating security breaches.
- Coordinate tabletop exercises and real-world simulations to test the IRP, training staff to respond effectively in high-stress scenarios.
- Serve as the primary point of contact during security incidents, liaising with external agencies (law enforcement, regulatory bodies) as necessary.
Security Architecture & Best Practices
- Work with solution architects and system administrators to integrate robust security controls into infrastructure, software, and cloud environments.
- Evaluate and recommend new security products, tools, and services that enhance the organization's threat detection and prevention capabilities.
- Enforce secure coding practices, hardening standards, and network segmentation protocols that align with evolving threats.
Governance, Risk & Compliance (GRC)
- Lead security risk assessments, identifying and documenting vulnerabilities, threats, and overall risk exposure to client data.
- Define and track security metrics (KPIs), reporting progress, gaps, and action plans to executive leadership.
- Oversee internal and external security audits, ensuring timely completion of any required corrective measures.
Team Leadership & Collaboration
- Manage a team of security analysts, engineers, and incident responders, providing coaching, mentorship, and clear performance objectives.
- Foster a culture of security awareness and accountability throughout the organization, conducting regular training sessions for all staff.
- Coordinate with third-party vendors, managed security service providers, and consultants to strengthen the organization's security ecosystem.
Requirements
Education & Experience
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
- 5 years of hands-on experience in information security, including roles in threat intelligence, GRC, and/or incident response.
- Experience working within heavily regulated industries (e.g., finance, healthcare, government) is highly desirable.
Technical Skills
- Proficiency with SIEM platforms (e.g., Splunk, QRadar), endpoint protection suites, and vulnerability management tools (e.g., Nessus, Qualys).
- In-depth knowledge of security frameworks (NIST CSF, ISO 27001, COBIT) and compliance standards (PCI-DSS, HIPAA, SOC 2).
- Hands-on expertise in cloud security (AWS, Azure, GCP) and containerization platforms (Kubernetes, Docker) is a plus.
Certifications
- Relevant certifications such as CISSP, CISM, CRISC, or GIAC (GSEC, GCIA, GCIH) strongly preferred.
Soft Skills
- Exceptional problem-solving and analytical abilities, with a keen eye for detail.
- Excellent communication and presentation skills for both technical and executive audiences.
- Proven track record of managing diverse teams and collaborating effectively across departments.
Personal Attributes
- Integrity: Upholds the highest ethical standards in protecting sensitive client data.
- Leadership: Inspires trust and confidence, fostering a culture of teamwork, accountability, and continual learning.
- Adaptability: Stays agile in a dynamic threat landscape, quickly pivoting security strategies as new risks emerge.
- Strategic Mindset: Balances day-to-day operational demands with long-term security vision and innovation.
Benefits
What We Offer
- Competitive Compensation: Commensurate with experience, plus potential bonus structures.
- Comprehensive Benefits: Medical, dental, vision, and retirement plan options.
- Professional Growth: Training allowances, continuing education support, and clear career advancement paths.
- Impactful Work: Play a pivotal role in safeguarding clients' data and reputations, contributing to the organization's broader mission of secure service delivery.
Required Experience:
Manager