Information Security Manager

Responsibilities:

• Establish and upkeep a structured GRC framework with industry-aligned controls to address specific business threats.
• Evaluate, prioritize, and revise existing IT security policies to align with compliance standards.
• Conduct risk assessments for new IT projects, identifying potential vulnerabilities and recommending protective measures.
• Lead to ensure effective governance through the Third Party Risk Management program.
• Continuously assess the effectiveness of GRC standards in mitigating IT risk.
• Collaborate with Internal Audit and IT teams to maintain compliance with company IT security policies.
• Define GRC framework metrics, maintain a management dashboard, and generate an annual GRC framework compliance report for executives.
• Provide training and support to management and employees on GRC programs.
• Partner with internal and third-party IT security experts to stay updated on industry trends, controls, and security technologies.

Preferred Qualifications:

• A technical bachelor's degree (e.g., Computer Science, MIS, Engineering, or Mathematics) is highly desirable.
• Experience in establishing, implementing, and maintaining a GRC framework in a diverse business setting.
• Practical experience in assessing compliance with common standards like ISO 27001/27002/27005 and IT security risk frameworks such as the NIST Cybersecurity Framework.
• Proficiency in IT risk modeling.
• Strong problem-solving skills, including the ability to create innovative risk management solutions.
• Effective and precise English communication skills for job requirements.
• Strong work habits, a diligent work ethic, quick adaptability to new technology, and adherence to company policies and professional etiquette.
• Experience in network, host, data, or application security.
• Knowledge of security methodologies.
• Experience in a CSIRT or SOC.
• Familiarity with security tools and concepts.

Information Security Responsibilities:

• Monitor security logs for system and network irregularities and perform initial analysis.
• Respond to suspicious incidents reported by users.
• Evaluate firewall change requests and assess risks, including email security monitoring.
• Collect and analyze logs from various security tools.
• Support IT operations with remediation and application events.
• Conduct initial forensic assessments of internal systems.
• Assist in log collection from various sources.
• Communicate technical assessment outcomes and assist in policy development.
• Identify and address configuration changes affecting event collection.
• Prepare reports on analysis methods.
• Maintain Standard Operating Procedures.

Business Applications:

• Experience in systems analysis, systems engineering, or equivalent.
• Proficient in SAP (e.g., MM, QM, FI, BW, HR), Gui XT, Winshuttle, and SharePoint.
• Solve operational challenges, enhance application systems.
• Conduct departmental studies for system functionality.
• Anticipate IT impacts.
• Liaison between client areas and departments.
• Collaborate on client requirements and system impacts.
• Engage in enterprise system development.
• Support division staff in system usage.
• Develop systems, assist end-users.
• Implement compliance policies.
• Provide technical expertise.
• Oversee system applications.
• Ensure compliance with standards.
• Act as an internal consultant.

Offer:

• Competitive salary and allowances.
• 30 vacation days with flexibility.
• Hybrid work options.
• Home office setup.
• Car or mobility budget.
• Work devices for personal use.
• No mandatory pension contribution.
• Extensive training opportunities.
• Focus on well-being and fitness programs.