Information Security Manager
Job Purpose
The Information Security Manager is responsible for establishing, implementing, monitoring, and continuously improving the organization’s information security program to protect information assets, systems, networks, and data against cyber threats and security risks.
The role ensures alignment with business objectives, regulatory requirements, and industry standards such as ISO 27001, while driving governance, risk management, security operations oversight, and security awareness across the organization.
Key Responsibilities
Information Security Governance
- Develop, implement, and maintain the organization’s Information Security Management System (ISMS)
- Ensure alignment with ISO 27001 and other applicable security standards and frameworks
- Define and maintain information security policies, procedures, standards, and guidelines
- Establish and monitor security governance processes and controls
- Support internal and external security audits and compliance activities
Risk Management & Compliance
- Conduct security risk assessments and vulnerability assessments
- Identify, assess, and mitigate information security risks
- Maintain risk registers and track remediation activities
- Ensure compliance with regulatory, contractual, and internal security requirements
- Coordinate security reviews and compliance reporting
Security Operations Oversight
- Oversee SOC operations, alert monitoring, and incident escalation processes
- Ensure proper incident response and security event management
- Review and monitor vulnerability management and patch management activities
- Monitor privileged access management and identity access controls
- Oversee firewall rule reviews and network security governance
Incident Management
- Lead or coordinate information security incident investigations and response activities
- Ensure incidents are documented, tracked, resolved, and reported appropriately
- Coordinate root cause analysis and corrective action implementation
- Maintain and test incident response procedures and playbooks
Access Management & Security Controls
- Ensure implementation of least privilege and segregation of duties principles
- Review privileged accounts and access rights periodically
- Ensure proper authentication, MFA, and access governance controls are enforced
- Monitor third-party and vendor access risks
Business Continuity & Disaster Recovery
- Support business continuity planning and disaster recovery initiatives
- Ensure security considerations are integrated into DR and BCP processes
- Participate in recovery testing and resilience assessments
Security Awareness & Training
- Develop and manage security awareness programs
- Conduct user awareness sessions and phishing simulations
- Promote security culture across the organization
Reporting & Management
- Prepare security dashboards, KPIs, KRIs, and management reports
- Present security posture updates to management and relevant committees
- Track remediation actions and security improvement initiatives
- Provide recommendations to strengthen the organization’s security posture
Key Skills & Competencies
Technical Skills
- Information Security Governance
- ISO 27001 Framework
- Risk Management
- Incident Response
- Vulnerability Management
- Identity & Access Management (IAM)
- Privileged Access Management (PAM)
- Security Operations / SOC
- Firewall & Network Security
- Security Monitoring Tools
- Audit & Compliance
Soft Skills
- Strong analytical and problem-solving skills
- Leadership and stakeholder management
- Excellent communication and reporting abilities
- Decision-making and risk-based thinking
- Project coordination and organizational skills
Qualifications & Experience
Education
- Bachelor’s degree in information security, Computer Science, IT, or related field
Certifications (Preferred)
- ISO 27001 Lead Implementer or Lead Auditor
- CISSP
- CISM
- CEH (Optional)
Experience
- 7+ years of experience in information security, cybersecurity, or IT risk management
- Experience implementing or managing ISO 27001 controls and compliance initiatives
- Experience with security operations and incident management processes
Additional Responsibilities
- Participate in security projects and transformation initiatives
- Stay updated with evolving cyber threats and industry best practices
- Support regulatory inspections and audit engagements
- Contribute to continuous improvement of the security framework