Infosecurity Engineer

The Senior Information Security Manager is responsible for designing, implementing, and overseeing the organization’s information security strategy, ensuring that our systems, data, and assets remain protected against evolving cyber threats. This role requires a deep understanding of security frameworks, risk management, compliance requirements, and the ability to lead cross-functional teams in building a resilient security posture.

1. Security Strategy & Governance

• Develop and execute the organization’s information security roadmap aligned with business objectives.

• Establish, maintain, and enforce security policies, standards, and procedures.

• Implement governance frameworks such as ISO 27001, NIST CSF, CIS Controls, or equivalent.

2. Risk & Compliance Management

• Identify, assess, and mitigate information security risks across the enterprise.

• Ensure compliance with relevant regulations (e.g., GDPR, HIPAA, PCI DSS, SOX).

• Manage security audits, penetration tests, and vulnerability assessments.

3. Threat Detection & Incident Response

• Oversee continuous monitoring of systems for potential security breaches.

• Lead and coordinate incident response efforts, including investigation, containment, eradication, and recovery.

• Conduct root cause analysis and develop preventive measures.

4. Security Architecture & Technology

• Work with IT teams to design secure architectures for applications, networks, and cloud services.

• Evaluate, implement, and manage security tools such as SIEM, EDR, DLP, IAM, and WAF.

5. Leadership & Training

• Lead and mentor a team of security analysts and engineers.

• Drive security awareness and training programs across the organization.

• Collaborate with senior leadership to embed security into all aspects of the business.

6. Vendor & Third-Party Security

• Assess and manage security risks in third-party relationships.

• Establish security requirements and SLAs with vendors and partners.

Education & Experience:

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.

• 8+ years of progressive experience in information security, with at least 3 years in a leadership role.

• Industry certifications such as CISSP, CISM, CISA, GIAC, or equivalent.

Technical Skills:

• Strong knowledge of security technologies and best practices.

• Hands-on experience with cloud security (AWS, Azure, GCP).

• Proficiency in threat modeling, penetration testing, and security architecture design.

Soft Skills:

• Excellent leadership, communication, and stakeholder management skills.

• Ability to translate technical risks into business impact.

• Strong analytical and problem-solving abilities.