Position Title: Information Security Manager
Role Summary:
Are you an ambitious professional looking to lead information security initiatives in a dynamic and growing organization? We're seeking an Information Security Manager to spearhead our security efforts, focusing primarily on application security with some network security responsibilities. With a strong emphasis on NIST and ISO frameworks, as well as experience in combating email threats like phishing and ransomware, you'll play a pivotal role in safeguarding our data assets. If you're passionate about cybersecurity and eager to take on new challenges, we invite you to join our team.
Key Responsibilities:
- Develop and Implement Security Programs: Design and execute a comprehensive information security program focused on application security (80%) and network security (20%), ensuring alignment with NIST and ISO frameworks.
- Email Security & Threat Mitigation: Stay ahead of industry trends and emerging threats, particularly related to email security, including phishing and ransomware. Implement effective measures to mitigate these risks.
- Security Environment Transition: Lead the transition from the current security environment, including the migration to a more robust setup with SIEM implementation (Splunk or SolarWinds).
- Cross-functional Collaboration: Work closely with cross-functional teams to implement and manage security controls, including SIEM solutions, to detect and respond to security incidents effectively.
- Penetration Testing: Regularly conduct penetration testing using tools like Nessus to identify and address vulnerabilities promptly.
- Guidance & Training: Provide guidance and support on security best practices, including delivering email security awareness training and refining incident response procedures.
- Monitor Security Metrics: Track security metrics and key performance indicators (KPIs) to assess the effectiveness of the information security program and identify areas for continuous improvement.
- Vendor Collaboration: Engage with vendors and external partners to stay updated on the latest security technologies and evaluate their suitability for the organization.
Job Requirements:
- Education: Bachelor’s degree in Computer Science, Information Systems, or a related field.
- Experience: Minimum of three years of experience in information security or related roles, with a strong focus on application security and comprehensive knowledge of NIST and ISO frameworks.
- Technical Expertise: Proficiency in combating email threats like phishing and ransomware, along with experience in implementing security measures to mitigate these risks.
- Security Tools Knowledge: Familiarity with security tools and technologies, including CrowdStrike, SIEM solutions (Splunk or SolarWinds), and penetration testing tools like Nessus.
- Skills: Strong analytical and problem-solving skills, with the ability to assess and address security vulnerabilities effectively. Excellent communication and interpersonal skills, enabling effective collaboration with stakeholders at all levels.
- Certifications: Relevant certifications such as CISSP, CISM, or equivalent are a plus but not required.
- Mindset: Self-motivated, eager to learn, and passionate about cybersecurity, with a drive to make a significant impact on the organization’s data security posture.
Why Join Us?
If you're ready to take on a leadership role in information security and help shape the future of our organization's security posture, we want to hear from you. Join us in protecting our data assets and ensuring the confidentiality, integrity, and availability of our information systems.