Information Security Manager

The Information Security Manager plays a vital role in ensuring the confidentiality, integrity, and availability of an organization’s information assets. Key responsibilities include regularly reviewing and updating information security policies, maintaining an inventory of information security assets, identifying and mitigating risks, implementing robust security measures, and responding to security incidents. This role works closely with the legal and compliance departments and collaborates across all teams to enforce security policies, protect data, and ensure compliance with regulatory requirements. This position also ensures seamless communication with external technical support providers (ICT) to align infrastructure with security policies.

1. Internal Information Security Policies and Procedures
   • Review and update internal information security policies and procedures regularly.
   • Develop new policies and guidelines to address emerging threats and organizational needs.
   • Ensure all policies comply with legal, regulatory, and industry standards.
2. Risk Assessment and Management
   • Perform regular risk assessments.
   • Identify, evaluate, and suggest solutions to mitigate security risks.
   • Coordinate third-party vendor engagement for vulnerability scans and penetration testing.
3. Audit and Maintenance of Information Security Assets
   • Conduct regular audits of all IS assets, including hardware, software, and network infrastructure.
   • Maintain an up-to-date register of IS assets, ensuring accurate records are kept for inventory and security purposes.
4. Incident Response
   • Investigate potential security breaches and alerts.
   • Develop and implement incident response plans to address and contain risks.
   • Perform forensic analysis to determine the root causes of incidents.
5. Compliance and Governance
   • Ensure compliance with regulations and standards, such as ISO 27001:2022 and NIST.
   • Support internal and external security audits.
   • Maintain detailed records of compliance activities.
6. Awareness and Training
   • Develop training materials on information security to employees.
   • Automate internal training processes and maintain training records.
   • Foster a culture of security awareness throughout the organization.
7. Customer Vendor Assessment
   • Complete customer questionnaires as part of vendor assessment and registration processes.
   • Ensure responses are accurate and reflect the organization’s security practices and policies.
8. Software and Service Approval

• Approve the use of new software and third-party services based on employee requests.
• Evaluate security implications of requested tools and services before granting approval.
• Ensure compliance with internal security policies and industry standards for new software and services.

9. Collaboration and Communication

• Work closely with CTO, ICT, legal, and other departments to align security measures with business goals.
• Provide regular reports to management on the organization’s security posture and areas for improvement.

10. Continuous Improvement

• Stay informed about emerging threats, vulnerabilities, and security technologies.
• Propose and implement enhancements to strengthen the organization’s security infrastructure.

• 3-5 years of experience in information security management or related roles.
• Solid knowledge of ISO 27001:2022 and related standards.
• Experience in drafting internal information security policies and organizing internal security training sessions.
• English proficiency at B2 (Intermediate) level or higher.

• Understanding of network security, endpoint protection, and encryption techniques.
• Strong problem-solving and communication skills.
• Professional certifications in information security, privacy, or related fields.

• Primarily office-based, with the option to work remotely up to 3 days a week after the probation period, depending on job responsibilities.
• May require on-call availability to address critical security incidents.

Benefits:

• Vacation - 22 working days, 3 day ill;
• Flexible working hours;

• Corporate medical insurance at a special price for family employees.