[ref. s22352324] Information Security Manager

Job Description

Job Purpose

To take full ownership of the security operations, governance, and risk management functions across our organization. This role will serve as the single point of contact for all security-related matters, ensuring that security practices are effectively embedded into IT operations, applications, cloud environments, and third-party services.

The ideal candidate is a technically strong and process-oriented security leader with the ability to manage day-to-day security operations while providing strategic input to the leadership team. He will work closely with ICT, Infrastructure, Applications, and Vendor teams to monitor, detect, and remediate security risks while ensuring compliance with security frameworks.

• End-to-End Security Management: Manage and oversee the entire security estate, covering infrastructure, applications, endpoints, and cloud (public, private, hybrid) environments.
• Security Risk Management: Identify, assess, document, and maintain the organizations security risk register. Track, report, and work with stakeholders to ensure timely risk mitigation.
• Vulnerability Management & Remediation Oversight: Lead vulnerability management programs and coordinate remediation activities with IT and application teams, ensuring vulnerabilities are tracked, closed, and reported.
• Security Monitoring & Incident Management: Oversee security monitoring activities (via MSSP/SOC), coordinate incident response, and ensure high-quality service delivery from third-party security vendors and MSS providers.
• Governance & Compliance: Drive security governance processes, policies, and procedures; ensure alignment with regulatory and industry best practices (ISO27001 & NIST).
• Security Reporting & Metrics: Prepare and present regular security posture reports, risk dashboards, and incident summaries to senior management.
• Vendor Management: Engage with and manage security technology vendors and partners, ensuring effective solution delivery and SLA adherence.

• 15+ years of hands-on security experience, including 3+ years in a managerial role.
• Strong technical expertise in infrastructure, cloud security, application security, and security operations.
• Experience managing MSSP, SOC, vulnerability management, and remediation programs.
• Proven experience in risk management, vulnerability lifecycle, and incident response.
• Ability to prepare and present executive-level reports and dashboards.
• Excellent knowledge of security governance, ISO 27001, NIST CSF, regulatory compliance, and audit requirements.
• Experience working with tools such as SIEM, EDR, IAM, DLP, MDM and cloud security solutions.
• Strong interpersonal skills with the ability to work with cross-functional teams and vendors.
• Certifications such as CISSP, CISM, CCSP, or equivalent.