Lead, Information Security
Envoy Global is a proven innovator in the global immigration space. Our mission combines our industry-leading tech platform with holistic service to streamline, simplify and expedite the immigration process for employers and individuals.
We are looking for a motivated Information Security Lead, who is a self-starter, has an eye for detail, is analytical in approach, loves solving problems, and someone who will take initiatives to build and improve the company’s information security posture, identify risks and act on the required changes quickly.
This incumbent will be responsible for leading the information security program, including the development, implementation, and monitoring of the information security management system (ISMS), cyber and network security policies and procedures, and technologies. The role also involves leading and performing risk assessments and audits, incident response, and managing the security awareness program. The Information Security Manager will be responsible for ensuring compliance with regulatory requirements and industry standards for information security.
As our Information Security Lead, you will be required to:
• Identify and assess information security risks, conducting regular risk assessments and vulnerability assessments.
• Develop and implement risk mitigation strategies and controls to protect against potential threats.
• Stay abreast of changes in regulatory requirements and update policies and procedures accordingly.
• Lead the day-to-day security alerts investigation/assessment and update the incident response plans.
• Coordinate responses to security incidents, conduct post-incident analysis, and implement corrective and preventive action plan.
• Develop and deliver information security training programs for employees at all levels.
• Foster a culture of security awareness throughout the organization.
• Collaborate with IT teams to ensure that security is integrated into system development and deployment.
• Assess, evaluate and manage the security posture of third-party vendors and partners.
• Establish and maintain strong relationships with vendors to ensure the security of products and services.
• Management of foundational security tooling e.g. tools like EDR, Proxy, DLP, SIEM, PIM/PAM, Cloud Security.
• Refine and maintain security dashboards and reports to support the production of security metrics and quarterly security reporting.
• Develop and lead global information security awareness activities.
• Ensure security documents are controlled, reviewed, and updated in line with various contractual and regulatory requirements.
• Coordinating with internal/external auditors by capturing evidence to support audit and compliance requirements.
• Provide support in responding to client security assurance assessments and audits.
To apply for this role, you should possess the following skills, experience and qualifications:
• At least 5-8 years of experience in a global information security team.
• Bachelor’s Degree in IT or related field or relevant work experience.
• Strong knowledge of Information Security Management and ISMS
• Experience in Cybersecurity, Network Security, Data Protection and Information Security (process and tools)
• Experience managing security policies, procedures, and technologies
• Experience conducting risk assessments and audits
• Strong communication, analytical and problem-solving skills
• Familiarity with regulatory requirements and industry standards for information security like NIST, ISO 27001, SOC 2 Type IIl etc.
• Experience in security awareness program management is a plus
• Bachelor's or Master's degree in Information Security or Computer Science or equivalent experience
• ISO 27001 LI, CISM and CISSP certification's are desirable.