Information Security Manager

Tasks

• Act as primary escalation point for security incidents
• Align IT support with security controls and acceptable use
• Attend customer meetings on security implementation
• Complete security questionnaires and RFP security sections
• Contribute to security architecture decisions
• Coordinate complex IT incidents and problems
• Coordinate incident corrective actions
• Deliver security awareness training and campaigns
• Embed controls with engineering DevOps HR and customer teams
• Enforce security policies and compliance checks
• Maintain security knowledge base
• Maintain standard operating procedures and operations platform
• Manage ISMS continuous improvement
• Manage IT support team and internal IT support
• Manage data privacy requests
• Manage device provisioning and deprovisioning
• Manage vendor and supplier risk assessments
• Oversee onboarding offboarding and account lifecycle management
• Oversee risk assessment and audit program
• Oversee security tooling and access review processes
• Own ISMS standards and compliance
• Own access control process and access validation
• Own security policies standards exceptions and control evidence
• Provide assurance for information confidentiality and availability
• Provide security risk posture reporting
• Remediate audit findings and track control improvements
• Select and renew SaaS and IT tools balancing usability cost and security
• Serve as Data Protection Officer when required
• Set information security strategy

Perks/Benefits

• Additional PTO for Birthday
• Competitive pay
• Flexible PTO
• International team
• Remote work option

Skills/Tech-stack

AWS | Access Control | Access Management | Access Review | Account lifecycle management | Audit management | Awareness Training | Azure | Cloud Security | Customer security | Customer security assurance | Data Privacy | Data Protection | Data Protection Officer | Device Management | Due Diligence | EDR | GDPR | ISMS | ISO 27001 | IT Operations | Identity and Access Management | Identity and access | Incident Response | Incident escalation | Information security | Lifecycle Management | MFA | Microsoft 365 | Multi-Factor | Multi-Factor Authentication | Password Management | RFP Security | RFP Security Review | Risk Assessment | Risk Management | Risk registers | SIEM | SOC 2 | SaaS administration | Security Architecture | Security Awareness Training | Security Policy | Security Questionnaires | Security assurance | Security awareness | Security incident | Security incident escalation | Security review | Security tooling | Subprocessor Oversight | Supplier Risk | Supplier Risk Management | UK GDPR | Vendor Risk | Vendor risk management | Vulnerability Management