The IT Security Manager is responsible for leading and supporting information security governance, risk management, compliance, and security assurance activities across the organization.
Security Governance
• Develop, maintain, and improve information security policies, standards, procedures, and guidelines.
• Drive adoption of security governance practices across the organization.
• Partner with business and technology stakeholders to ensure security requirements are included in business processes and initiatives.
• Provide subject matter expertise on information security governance matters.
Risk Management
• Lead the identification, assessment, treatment, monitoring, and reporting of information security risks.
• Maintain and support the enterprise security risk register.
• Track remediation plans and ensure security risks are managed within approved timelines.
• Facilitate recurring security risk assessments across business functions and technology environments.
Compliance and Audit Support
• Coordinate internal and external information security assessments and audit activities.
• Support security requirements related to contractual, regulatory, customer, and industry obligations.
• Manage audit findings, corrective action plans, evidence coordination, and remediation tracking.
• Prepare management reports and metrics related to compliance and security program effectiveness.
Security Awareness and Training
• Develop and support security awareness and training activities.
• Promote practical security behavior across the organization.
• Provide guidance to employees, management, and stakeholders on security responsibilities.
Third-Party and Vendor Security
• Support third-party security risk management activities.
• Perform security reviews of vendors, service providers, and business partners.
• Track vendor security risks and coordinate remediation where required.
Security Program Management
• Support planning and execution of security initiatives, projects, and strategic objectives.
• Measure and report on information security prog
• Identify opportunities to improve security governance processes and reduce operational friction.
• Act as a central point of coordination and escalation for governance, risk, compliance, and security assurance matters.
OUT OF SCOPE:
• Security Operations Center management.
• Security incident response execution or technical investigation ownership.
• Security engineering, architecture, or tool administration.
• Endpoint detection and response platform ownership.
• Vulnerability scanning operations and patch execution.
• Identity and access management platform administration.
• Network security operations or firewall administration.
SECONDARY RESPONSIBILITIES:
• Participate in strategic security projects and security improvement initiatives.
• Support business continuity and disaster recovery governance activities where required.
• Assist with security-related customer, partner, and vendor questionnaires.
• Support annual policy reviews, documentation updates, and security reporting activities.
• Research emerging security risks, regulatory expectations, and industry practices relevant to the business.
• Contribute to continuous improvement of security governance workflows and stakeholder engagement.
QUALIFICATIONS:
• 5+ years of experience in information security, cybersecurity, risk management, governance, compliance, audit, or a related field.
• Strong understanding of information security principles, governance practices, and risk management processes.
• Experience coordinating security audits, assessments, findings, and remediation activities.
• Experience developing, maintaining, or supporting security policies, standards, procedures, and awareness programs.
• Strong written and verbal communication skills.
• Demonstrated ability to influence stakeholders across multiple business functions and regions.
• Strong analytical, organizational, and problem-solving skills.
• Ability to manage multiple priorities and deliver outcomes in a matrixed global environment.
EDUCATION AND EXPERIENCE:
• Bachelor's degree in Information Security, Cybersecurity, Information Technology, Risk Management, Business Administration, or a related discipline is preferred.
• An equivalent combination of education, professional certification, and relevant experience may be considered.
• Professional certification such as CISSP, CISM, CRISC, CGRC, ISO 27001 Lead Implementer, or equivalent.
Should you not receive any response within two weeks of applying, please consider your application unsuccessful.