Information Security Manager

Location:	Century City
Type:	Permanent
Reference:	#24002
Company:	Datafin Recruitment

Your strong project management background, understanding of software development processes and comprehensive knowledge of information security best practices, specifically related to cloud-hosted services is sought by a dynamic Software Service Delivery Provider to fill the critical role of an Information Security Manager. You will be responsible for monitoring, investigating, and responding to security incidents, as well as providing guidance and training to employees regarding Information Security protocols and processes. Applicants will require a Bachelor's/Master's Degree in Computer Science, Information Security, or the equivalent in a related field with a CISSP, CISM or other relevant certifications and 6+ years work experience in a similar role, be familiar with Privacy regulations such as GDPR, CCPA & solid knowledge of data security best practices, industry standards, and frameworks including ISO 27001, SOC 2.

Duties:

• Develop and maintain a comprehensive ISP that aligns with industry best practices and regulatory requirements.
• Establish and maintain information security policies, procedures, and guidelines to ensure the confidentiality, integrity, and availability of data.
• Conduct regular risk assessments to identify and evaluate potential security risks and vulnerabilities in software development processes, systems, and infrastructure.
• Conduct and administrate a company wide gap analysis with the focus on the assessment of industry standards, policies and the current state of the implementation thereof.
• Project management of "InfoSec projects", including the successful draft and response to any customer request or questionnaire related to information and data security.
• Lead efforts to achieve and maintain certifications, such as ISO 27001 and SOC 2, ensuring compliance with the respective standards.
• Implement and manage security controls, including firewalls, intrusion detection systems, data encryption, access controls, and identity appropriate management systems.
• Stay up to date with emerging security threats, vulnerabilities, and technologies, and provide recommendations for improving the company's security posture.
• Collaborate with cross-functional teams to define and implement security policies, procedures, and guidelines.
• As DPO, manage security incidents and coordinate incident response activities, including investigation, containment, and recovery.
• Conduct regular security awareness training for employees to promote a culture of security awareness and compliance.
• Oversee the implementation and monitoring of security controls for cloud services, ensuring adherence to best practices and industry standards.
• Establish and maintain relationships with external vendors, auditors, and regulatory bodies to ensure compliance with relevant regulations and standards.
• Prepare and present comprehensive reports to senior management on the state of Information Security, including risk assessments, incident trends, and remediation progress.
• Act as the Data Protection Officer (DPO) and should display the ability to manage critical escalations as part of the response procedures during an information or data breach incident.

Key Initial Responsibilities:

The information Security Manager's initial focus areas will include:

• Initial fact-finding, investigation and assessment.
• Perform a gap analysis to determine the current state of compliance as measured against industry standard information security best practices.
• Evaluate, prioritise critical areas of non-compliance.
• Document, plan and gain approval for the remediation of issues identified.
• ISO27001 (or equivalent) Certification.
• Engage consultants and lead on the certification process.
• Review outcome and develop a remediation plan to ensure certification standards are met.
• Own the implementation of an approved remediation plan.
• Secure Certification.
• Reporting.
• Develop reporting capabilities to clearly articulate the information and data security status, incorporating a Central Risk Register.
• Customer information security questionnaires
• Ownership of all customer questionnaires, including the acceptance, draft, review, cross team collaboration and final response.

Posted on 21 Jul 12:45, Closing date 20 Aug