Information Security Manager
- Provides expertise in all aspects of enterprise information security management.
- Focused on Security Audits, Cybersecurity Assessments and Penetration Tests for the corporate IT environment.
- Security Audits
- Provides subject matter expertise on all applicable information security regulations and standards (ISO 27001, NIST, ISF SoGP, COBIT, GDPR-related, etc.).
- Manages and performs internal security audits and cybersecurity assessments of information services and solutions.
- Coordinates involvement of the company’s team and participates in external security audit activities.
- Recommends controls to provide the most reasonable and cost-effective protection of corporate assets.
- Performs information security assessment of suppliers.
- Runs tender procedures to invite consulting companies and supervises projects for security assessments and implementations.
- Manages cross-department activities in the area of responsibility.
- Develops and maintains security normative documents.
- Develops, measures and analyzes KPIs for processes in the area of responsibility.
- Contributes to reviews and development of corporate-level normative documents.
- Participates in security awareness activities and the corporate risk management process.
- Participates in the review and development of security requirements for information services and in the implementation of security solutions.
- Participates in IT problem and change management forums.
- Participates in delivering presentations on security topics to prospective and current customers.
- Ability to organize, create, and deliver technical proposals and presentations to peers and management.
- Proactive, results-oriented personality, able to work in a team.
- Ability to respond effectively to highly sensitive inquiries or complaints.
- Analytical and problem-solving skills and experience in generating insights and recommendations, comfortable dealing with data.
- A systematic approach to solving problems.
- Good organizational skills.
Qualifications & Skills:
- 3+ years of progressive experience in Information Security is a MUST.
- Practical skills in security assessment process.
- Professional knowledge of standards on IT and security audits and assessments, such as ITAF, ISO 27008, NIST SP 800-115, OWASP.
- Deep understanding of architecture of IT infrastructure and information services.
- Excellent communication skills with security team, IT organization, application development teams, corporate management.
- Experience in use of Excel and business analytics tools such as Power BI.
- At least Intermediate level of English both spoken and written.
- Proven skills in development of policies, regulations and procedures.
- Knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, ISF SoGP, PCI-DSS.
- A personal qualification certification such as CISSP, CISA, CISM or CEH is preferred.
- Knowledge of secure application development and cloud security best practices.
- Project management knowledge and experience.