Information Security Manager

Position Overview

The Manager of Information Security is responsible for overseeing the development, implementation, and management of an organisation's information security program. This role involves ensuring the confidentiality, integrity, and availability of corporate data and IT systems, protecting them from cyber threats and vulnerabilities. The Manager will work closely with various teams to establish and enforce security policies, conduct risk assessments, and lead incident response efforts.

Key Responsibilities

• Lead the creation of security awareness programs for employees to foster a security-conscious culture.
• Maintain and report on the status of the organisation’s security posture to leadership.
• Conduct regular risk assessments to identify vulnerabilities and threats to critical systems and data.
• Work with the business to evaluate security risks associated with new projects, third-party vendors, and technologies.
• Prioritise and recommend security measures to mitigate identified risks.
• Lead efforts to perform security audits and assessments, ensuring adherence to compliance and regulatory requirements.
• Lead the response to security incidents, including identification, containment, eradication, recovery, and post-incident analysis.
• Develop and maintain incident response plans, conduct tabletop exercises, and ensure effective communication during a crisis.
• Collaborate with legal, communications, and management teams during and after incidents, particularly for breach notifications and regulatory reporting.
• Oversee the day-to-day operations of security technologies and tools (e.g., SIEM, firewalls, endpoint security, intrusion detection systems).
• Ensure continuous monitoring of security events and threats, performing analysis and response as needed.
• Maintain and optimise vulnerability management programs, including patching and remediation efforts.
• Foster a collaborative and effective security team, ensuring appropriate skill sets and training programs.
• Work closely with IT and other departments to ensure that security is integrated into all stages of system development and operations.
• Ensure compliance with relevant legal, regulatory, and industry standards for data protection and cybersecurity.
• Maintain documentation for audits, certifications, and external assessments.
• Coordinate with external auditors and regulators, as needed.
• Stay current on evolving security threats, vulnerabilities, and technologies.
• Continuously evaluate and improve security processes, tools, and policies.
• Participate in industry forums, conferences, and professional groups to enhance knowledge and best practices.

Required Qualifications

Preferred Qualifications