Information Security Manager
The information security manager is responsible for protecting the organization’s computers, servers, networks, cloud resources and data against threats, such as security breaches, computer viruses or attacks. This is done through advanced tools, manual configurations, policy establishment and enforcement, and raising awareness throughout the organization. The key goal is to establish an enterprise security stance through policy, architecture and training processes, thus bringing the organization’s information security risks under explicit management control.
- Responsible for the Information Security Management function, providing line management, leadership and strategic direction for the function and liaising closely with other managers.
- Routine line management and leadership of staff within the Information Security Management function
- Leadership and strategic direction for the function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security
- Liaises with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
- Leads the design, implementation, operation and maintenance of the Information Security Management practices
- Forms a “centre of excellence” for information security management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively
- Leads or commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the CIO
- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations
- Leads or commissions suitable information security awareness, training and educational activities
- Leads or commissions information security risk assessments and controls selection activities
- Leads or commissions activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties
Key personal characteristics and competencies of the ideal candidate:
- At least 5 years of full-time work experience in information security management and/or related functions (such as IT audit and IT Risk Management)
- Information security management qualifications such as CISM or CISSP are an added benefit but not a requirement
- Absolutely trustworthy with high standards of personal integrity (demonstrated by an unblemished career history, complete lack of criminal convictions etc.), and willing to undergo vetting and/or personality assessments to verify this if necessary
- Typically a background in technical IT roles such as IT architecture, development or operations, with a clear and abiding interest in information security
- Requires a clear understanding of the challenges of information security.
- Requires excellent analytical and problem-solving abilities to identify and fix security risks.
- To build understanding and awareness of security issues throughout the organization, they must have excellent communication and presentation skills.
- Very strong teamwork skills to develop security solutions in collaboration with other information technology professionals.