Information Security Manager

Responsibilities

• Reporting to the CIO, manage and monitor the enterprise Information Security program to ensure the confidentiality, availability, and integrity of systems and data
• Manage and maintain our Information Security Management System (ISMS) and related policies, standards, guidelines, procedures, and controls to ensure ongoing maintenance of security
• Ensure that our company, products, systems, and services maintain industry-standard security, based on the family of ISO27001, NIST, SOC, and/or similar industry standards
• Ensure that policies, procedures, and controls are in place, and operate & support internal/external reviews & audits; administer and govern internal compliance with policies and processes
• Ultimately, owns the "risk surface" and evaluates the effectiveness of existing controls, identifies gaps, and recommends improvements to mitigate risks and enhance the firm's risk posture while prioritizing security initiatives and spending based on relevant business risk and regulatory compliance issues, financial implications, and alignment with the strategic plan
• Provide regular reports with senior stakeholders on our cyber security standing, identified risks, and mitigation strategies
• Support the development of information security training and awareness across the business, ensuring targeted and bespoke training is developed to support key areas of the business
• Will serve as an expert resource and will work cross-functionally with other teams including R&D, Engineering, Operations, and Support teams on all security-related matters to ensure security is a primary objective

Qualifications

• Bachelor’s degree in computer science, Information Systems, or equivalent education or work experience
• Minimum 7 years of experience in information technology, majority of which is in information security management and/or cyber security operations management
• Deep experience with all Cyber Security domains
• Successful implementation and mastery of ISO 27001
• Knowledge and experience with frameworks and standards such as ITIL, NIST, CIS
• Knowledge and experience with common information security management frameworks, audits, and regulatory requirements such as BDDK, SPK and KVKK regulations
• Strong knowledge of Information Assurance and Governance
• Strong experience in risk identification, assessment, and control evaluation, with a strong understanding of industry standards
• Demonstrated ability to analyze complex issues, develop and implement risk mitigation strategies, and communicate effectively with senior stakeholders
• Proficient knowledge of risk management frameworks, regulations, and industry best practices
• A Defense in depth and Zero trust architectural mindset
• Experience with the Cyber Kill Chain Model, MITRE ATT&CK or other relevant cybersecurity defense and intelligence frameworks
• Strong experience with Red Hat IDM and PAM solutions
• Strong understanding and experience with Firewalls, Data Loss Prevention, IDS/IPS, NDR, Server and Endpoint Security, EDR/XDR, Microsoft 365 Security and Compliance, as well as other security elements
• ISO 27001 Lead Auditor certificate is a plus
• One or more of the following professional certifications is a plus: CISSP, CISA, CISM, SANS GIAC
• One or more vendor-specific training/certifications
• Strong experience and in-depth knowledge of architecture and operations of at least one enterprise SIEM platform
• Experience with Windows and Linux operating systems security hardening
• Strong experience with penetration testing, vulnerability and security risk assessments, patch management, vulnerability management, threat intelligence and hunting, and incident response
• Mindful of emerging IS & Cyber Security regulations, risks, and the changing threat landscape facing global companies
• Ability to lead, develop and motivate people and teams to achieve tactical and strategic goals
• Strong attention to detail, analytical mind with outstanding problem-solving skills, can work comfortably under pressure and deliver on tight deadlines
• Strong communication and organizational skills
• Ability to document business processes and flows
• A self-starter with strong work habits, able to simultaneously handle multiple tasks and projects
• Excellent command of written and spoken English