JOB SUMMARY: The Information Security Manager is responsible for overseeing the implementation and maintenance of the organization's information security strategy. This role ensures that security policies, procedures, and controls effectively protecting digital assets and aligning with regulatory requirements. The manager works closely with IT, compliance, and business units to manage risks, respond to incidents, and promote a culture of security awareness. SCOPE OF WORK: 1. Security Governance & Strategy Develop, implement, and maintain security policies, standards, and procedures. Align security initiatives with business objectives and regulatory requirements. Support internal and external audits and ensure compliance with frameworks (e.g., ISO 27001, NIST, GDPR). 2. Risk Management Conduct regular risk assessments and vulnerability scans. Maintain and update the enterprise risk register. Recommend and oversee remediation plans for identified risks. 3. Security Operations Monitor and manage security tools (e.g., SIEM, firewalls, antivirus, DLP). Lead incident response efforts and forensic investigations. Coordinate with IT teams to ensure timely patching and system hardening. 4. Identity & Access Management Oversee user access controls and privilege management. Ensure proper implementation of multi-factor authentication (MFA) and role-based access. 5. Security Awareness & Training Develop and deliver security awareness programs for employees. Promote best practices and ensure ongoing education on emerging threats. 6. Project & Vendor Security Provide security oversight for IT and business projects. Review third-party vendor contracts and solutions for security compliance. EDUCATIONAL REQUIREMENTS: Bachelor 's Degree in Information Security, Computer Science, Information Technology, Cybersecurity or any related field. Preferred: Master's Degree or postgraduate coursework in cybersecurity, risk management, or IT governance. Recommended Certifications: CISM (Certified Information Security Manager) - by ISACA Ideal for managing enterprise security programs. CISSP (Certified Information Systems Security Professional) - by (ISC) Broad coverage of security domains. ISO/IEC 27001 Lead Implementer or Auditor - for governance and compliance. CompTIA Security+ or CySA+ - for foundational and operational security. CEH (Certified Ethical Hacker) - for threat analysis and penetration testing. KEY QUALIFICATIONS/SKILLS: 5+ years of experience in Information Security Management Strong understanding of security frameworks (ISO 27001, NIST, COBIT) Experience with security operations tools and incident response Knowledge of cloud security (Azure, AWS, M365) Excellent communication and leadership skills Ability to manage cross-functional teams and influence stakeholders Analytical thinking and decision-making under pressure Benefits: 13th Month Pay Company Christmas gift Birthday Cash Gift Company events Health insurance HMO 10 Service Incentive Leave Show more Show less