Information Security Manager

The Information Security Manager will oversee the security and compliance of the companys systems and data.

This role is pivotal in ensuring that the company adheres to relevant regulations maintains critical security

certifications and fosters a culture of security across the organization. The individual will play a key role in

protecting digital assets managing risk and promoting security best practices in alignment with business goals

Key Responsibilities :

Compliance and Certifications Management

Lead the maintenance and renewal of key security certifications including ISO 27001 SOC 2 GDPR

and other relevant regulatory frameworks.

Monitor and ensure continuous compliance with global and local regulations including data privacy

laws such as GDPR PDPA and DPDPA.

Conduct regular internal audits to assess security measures and readiness for certification renewals.

Digital Security and Risk Management

Develop and manage the company s information security strategies and policies to address cyber

threats ensuring proactive protection of systems and sensitive data.

Conduct risk assessments and vulnerability analyses to identify potential security issues and

implement remediation plans.

Manage digital security incidents leading incident response teams to ensure timely resolution and

postincident analysis.

Security Operations and Tools

Oversee the deployment management and optimization of security tools such as firewalls SIEM

identity management systems and endpoint protection.

Stay up to date with the latest cybersecurity trends vulnerabilities and emerging threats

implementing new tools and technologies to enhance the organization s security posture.

Collaborate with IT and development teams to implement DevSecOps practices and ensure security is

integrated into all stages of software development and operations.

Team Leadership and Development

Foster a securityfirst culture across all departments.

Establish objectives for the extended IT team initiate security goals and drive continuous professional

development to stay ahead of the latest security trends.

Collaborate with crossfunctional teams including legal compliance and product to ensure security is

embedded in all aspects of business operations.

Security Advocacy and Awareness

Act as a Security Champion promoting security awareness and training programs across the

organization.

Organize workshops and training sessions to ensure that all employees understand the importance of

information security and adhere to established security policies.

Encourage best practices and maintain open communication channels for reporting and managing

security concerns.

Disclaimer : Job descriptions are not exhaustive and the employee may be required to undertake duties that

are in line with but not limited to the above responsibilities

Qualifications : Education :

Bachelor s degree in Information Security Computer Science or a related field. A Master s degree is

preferred.

Certifications :

Relevant security certifications such as CISSP CISM CISA or equivalent are required.

Experience :

Minimum of 8 years of experience in information security or related roles with a strong track record

of compliance management and cybersecurity.

Handson experience managing and maintaining certifications such as ISO 27001 SOC 2 and GDPR

compliance.

Technical Skills :

Proficiency in security frameworks (ISO 27001 NIST) cloud security (AWS Azure GCP) and incident

response.

Strong knowledge of risk management threat detection and mitigation strategies as well as

experience using security tools like SIEM and firewalls.

Soft Skills :

Strong leadership and communication skills with a proven ability to influence security culture across

an organization.

Analytical and problemsolving abilities with a proactive approach to security risk management.

Ability to work collaboratively with crossfunctional teams including legal and compliance.

Preferred Skills :

Experience with DevSecOps and automating security processes.

Previous experience managing security operations in regulated industries (e.g. financial services

healthcare).

Strong knowledge of data protection regulations across different regions including GDPR PDPA and

DPDPA.

risk management,iso 27001,aws,cisa,gcp,cissp,security,gdpr,cism,firewalls,siem,risk,devsecops,nist,threat detection,azure,information security,soc 2