IT Security Manager

Deskripsi

- Work with the VP and senior managers to build on an existing information security program and ongoing security projects that address information security risks and compliance requirements.
- Manage the process of gathering, analyzing, and assessing the current and future threat landscape.
- Lead the preparation of the company's Information Security audits.
- Monitor and report on compliance with security policies, as well as the enforcement of policies across the company.
- Evaluate and update new & existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Consult with IT colleagues to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software as part of Privacy by Design and Default.
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Develop a strong working relationship with the other IT teams to develop and implement controls and configurations aligned with security policies and legal, regulatory, and audit requirements.
- Manage and coordinate operational components of security incident management, including detection response and reporting.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
- Manage security projects and provide expert guidance on security matters for other IT projects.
- Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place.
- Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
- Provide Information security communication, awareness, and training to the appropriate company staff.
- Engage effectively with appropriate external networks and external professional bodies.
- Stay abreast of regulatory changes including cybersecurity developments and their impact on IT requirements, including relevant data privacy requirements.
- Continuously improve processes and implement tools for policy management.

Persyaratan

- A bachelor’s degree in Computer Science or a related field.
- Five or more years of experience in technology, IT security, and/or compliance role.
- Solid familiarity with general enterprise technology architecture.
- Experience in determining, developing, and/or implementing information security controls and policies.
- Proven project management and organizational skills, specifically managing multiple concurrent projects and/or clients.
- Certifications or the ability to obtain certification, such as CISSP, CISA, or CISM are preferred.
- Excellent analytical, problem-solving, and decision-making skills, applied with a solution-focused attitude.
- Excellent verbal communication skills and experience influencing key stakeholders.
- Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy.
- Have a strong desire to continuously improve.
- Experience or familiarity with information security frameworks and standards such as ISO27001, ISO27002, SOC2, COBIT, and COSO.